6.9 Medium
AI Score
Confidence
Low
0.166 Low
EPSS
Percentile
96.0%
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
drupalcode.org/project/drupal.git/commit/b912710
www.openwall.com/lists/oss-security/2012/10/29/4
www.openwall.com/lists/oss-security/2012/10/30/5
drupal.org/node/1815912