CVE-2012-4554

Drupal <7.16 - SSRF

Title source: llm

Description

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

Exploits (1)

metasploit WORKING POC
by Reginaldo Silva, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/drupal_openid_xxe.rb

Scores

EPSS 0.5508
EPSS Percentile 98.1%

Details

CWE
CWE-264
Status published
Products (16)
drupal/drupal 7.0 (16 CPE variants)
drupal/drupal 7.1
drupal/drupal 7.2
drupal/drupal 7.3
drupal/drupal 7.4
drupal/drupal 7.5
drupal/drupal 7.6
drupal/drupal 7.7
drupal/drupal 7.8
drupal/drupal 7.9
... and 6 more
Published Nov 11, 2012
Tracked Since Feb 18, 2026