Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
Software | From | Fixed in |
---|---|---|
drupal / drupal | 5.10 | 5.10.x |
drupal / drupal | 6.0-beta2 | 6.0-beta2.x |
drupal / drupal | 6.2 | 6.2.x |
drupal / drupal | 5.13 | 5.13.x |
drupal / drupal | 5.12 | 5.12.x |
drupal / drupal | 6.0-beta4 | 6.0-beta4.x |
drupal / drupal | 6.0-rc-2 | 6.0-rc-2.x |
drupal / drupal | 6.4 | 6.4.x |
drupal / drupal | 5.0-rc2 | 5.0-rc2.x |
drupal / drupal | 5.1_rev1.1 | 5.1_rev1.1.x |
drupal / drupal | 6.0-beta1 | 6.0-beta1.x |
drupal / drupal | 5.16 | 5.16.x |
drupal / drupal | 6.0-rc-1 | 6.0-rc-1.x |
drupal / drupal | 6.0-rc-3 | 6.0-rc-3.x |
drupal / drupal | 5.15 | 5.15.x |
drupal / drupal | 6.7 | 6.7.x |
drupal / drupal | 5.0-rc1 | 5.0-rc1.x |
drupal / drupal | 6.8 | 6.8.x |
drupal / drupal | 6.1 | 6.1.x |
drupal / drupal | 5.0-beta2 | 5.0-beta2.x |
drupal / drupal | 5.1 | 5.1.x |
drupal / drupal | 6.5 | 6.5.x |
drupal / drupal | 6.10 | 6.10.x |
drupal / drupal | 6.6 | 6.6.x |
drupal / drupal | 5.14 | 5.14.x |
drupal / drupal | 6.0-rc-4 | 6.0-rc-4.x |
drupal / drupal | 6.0-beta3 | 6.0-beta3.x |
drupal / drupal | 6.3 | 6.3.x |
drupal / drupal | 5.0-beta1 | 5.0-beta1.x |
drupal / drupal | 5.11 | 5.11.x |
drupal / drupal | 6.9 | 6.9.x |