Description
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Remediation
References
Related Vulnerabilities
TYPO3 CVE-2024-25118 Vulnerability (CVE-2024-25118)
WordPress Plugin WP-Predict 'predictId' Parameter Blind SQL Injection (1.0)
WordPress Plugin WP Mailto Links-Manage Email Links Cross-Site Scripting (2.0.1)
WordPress Plugin Watu Quiz Unspecified Vulnerability (2.6)
WordPress Plugin Migration, Backup, Staging-WPvivid PHAR Deserialization (0.9.74)