Drupal Fivestar Module Remote Input Validation Vulnerability UPDATED

Summary

The Fivestar module for Drupal is prone to an input-validation vulnerability because it fails to properly sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/52984
The information has been provided by Ezra Barnett Gildesgame.


Details

Vulnerable Systems:
 * Drupal Fivestar 6.X-1.X

Successful exploits may allow attackers to perform unauthorized actions, like modifying the voting averages. Other attacks are also possible.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:
http://drupal.org/node/1528614

CVE Information:
CVE-2012-2096

Disclosure Timeline:
Published:Apr 11 2012
Updated:Aug 16 2012

Categories: News