CVE-2006-6528

Currently unrated

Key Information:

Vendor: Drupal
Status: Chatroom Module
Vendor: CVE Published:; 14 December 2006

Summary

The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.

References

http://www.vupen.com/english/advisories/2006/4942

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23343

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/102614

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 13, 2006