PT-2014-6381 · Drupal · Fasttoggle Module

Published

2014-12-01

Updated

2014-12-01

CVE-2014-5268

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Fasttoggle module versions 7.x-1.3 through 7.x-1.4 for Drupal

Description The issue allows remote attackers to block or unblock an account via a crafted user status link.

Recommendations For Fasttoggle module versions 7.x-1.3 and 7.x-1.4, consider disabling the module until a patch is available to prevent exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-5268

Affected Products

Fasttoggle Module

PT-2014-6381 · Drupal · Fasttoggle Module

CVE-2014-5268

Weakness Enumeration

Related Identifiers

Affected Products

References · 3