Description

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

Remediation

References

CVE-2012-4554

Related Vulnerabilities

WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)

WordPress Plugin Simple File List Arbitrary File Deletion (4.2.7)

WordPress Plugin Gravity Forms Advanced File Uploader Unspecified Vulnerability (1.18)

Opencart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3763)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38902)

Severity

Medium

Classification

CVE-2012-4554 CWE-264

Tags

Missing Update Known Vulnerabilities