Description

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

Remediation

References

CVE-2012-4554

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)

phpMyAdmin Cryptographic Issues Vulnerability (CVE-2015-3903)

WordPress Plugin HAL Cross-Site Scripting (2.1.1)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)

WordPress Plugin Wow Viral Signups SQL Injection (2.1)

Severity

Medium

Classification

CVE-2012-4554 CWE-264

Tags

Missing Update Known Vulnerabilities