Description
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
References (5)
Core 5
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19920
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3530
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21811
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/83064
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28623
Scores
EPSS
0.0079
EPSS Percentile
74.1%
Details
Status
published
Products (2)
drupal/drupal_pubcookie_module
1.2.2.4
drupal/drupal_pubcookie_module
1.6.2.1
Published
Sep 12, 2006
Tracked Since
Feb 18, 2026