Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Drupal | Drupal | 5.0-beta1 (including) | 5.0-beta1 (including) |
| Drupal | Drupal | 5.0-beta2 (including) | 5.0-beta2 (including) |
| Drupal | Drupal | 5.0-rc1 (including) | 5.0-rc1 (including) |
| Drupal | Drupal | 5.0-rc2 (including) | 5.0-rc2 (including) |
| Drupal | Drupal | 5.1 (including) | 5.1 (including) |
| Drupal | Drupal | 5.1_rev1.1 (including) | 5.1_rev1.1 (including) |
| Drupal | Drupal | 5.10 (including) | 5.10 (including) |
| Drupal | Drupal | 5.11 (including) | 5.11 (including) |
| Drupal | Drupal | 5.12 (including) | 5.12 (including) |
| Drupal | Drupal | 5.13 (including) | 5.13 (including) |
| Drupal | Drupal | 5.14 (including) | 5.14 (including) |
| Drupal | Drupal | 5.15 (including) | 5.15 (including) |
| Drupal | Drupal | 5.16 (including) | 5.16 (including) |
| Drupal | Drupal | 6.0-beta1 (including) | 6.0-beta1 (including) |
| Drupal | Drupal | 6.0-beta2 (including) | 6.0-beta2 (including) |
| Drupal | Drupal | 6.0-beta3 (including) | 6.0-beta3 (including) |
| Drupal | Drupal | 6.0-beta4 (including) | 6.0-beta4 (including) |
| Drupal | Drupal | 6.0-rc-1 (including) | 6.0-rc-1 (including) |
| Drupal | Drupal | 6.0-rc-2 (including) | 6.0-rc-2 (including) |
| Drupal | Drupal | 6.0-rc-3 (including) | 6.0-rc-3 (including) |
| Drupal | Drupal | 6.0-rc-4 (including) | 6.0-rc-4 (including) |
| Drupal | Drupal | 6.1 (including) | 6.1 (including) |
| Drupal | Drupal | 6.2 (including) | 6.2 (including) |
| Drupal | Drupal | 6.3 (including) | 6.3 (including) |
| Drupal | Drupal | 6.4 (including) | 6.4 (including) |
| Drupal | Drupal | 6.5 (including) | 6.5 (including) |
| Drupal | Drupal | 6.6 (including) | 6.6 (including) |
| Drupal | Drupal | 6.7 (including) | 6.7 (including) |
| Drupal | Drupal | 6.8 (including) | 6.8 (including) |
| Drupal | Drupal | 6.9 (including) | 6.9 (including) |
| Drupal | Drupal | 6.10 (including) | 6.10 (including) |
| Drupal5 | Ubuntu | hardy | * |
| Drupal5 | Ubuntu | intrepid | * |
| Drupal5 | Ubuntu | jaunty | * |
| Drupal5 | Ubuntu | upstream | * |
| Drupal6 | Ubuntu | jaunty | * |
| Drupal6 | Ubuntu | upstream | * |