
Drupal Fivestar Module Remote Input Validation Vulnerability

http://www.securityfocus.com/bid/52984

Security Info

Bugtraq ID: 52984
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 11 2012 12:00AM
Updated: Apr 11 2012 12:00AM
Credit: Ezra Barnett Gildesgame
Vulnerable: Drupal Fivestar 6.x-1.x
Not Vulnerable: Drupal Fivestar 6.x-1.20

Security Discussion

The Fivestar module for Drupal is prone to an input-validation vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits may allow attackers to perform unauthorized actions, such as modifying the voting averages. Other attacks are also possible.

Fivestar 6.x-1.x versions prior to 6.x-1.20 are vulnerable.

Proof of Concept and Security Exploits

Attackers can use a browser to exploit this issue.

Security Solution(s)

Solution:
Updates are available; please see the references for more information.


Drupal Fivestar 6.x-1.x

Security Reference(s)

References:

Site Updated May 24, 2013
©2000-2013 Emagined Security
All Rights Reserved
