Drupal Features Module <= 0.0.2 is vulnerable to Broken Access Control

Software Features Type Module Vulnerable versions = 0.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-12582 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2b7c0646055d Credits Nabil Irawan - Heroes Cyber Security...

EUVD-2013-6863

Malware in sbrugna...

[SECURITY] Fedora 24 Update: drupal7-features-2.10-1.fc24

The features module enables the capture and management of features in Drupa l. A feature is a collection of Drupal entities which taken together satisfy a certain use-case. Features provides a UI and API for taking different site building components from modules with exportables and bundling them...

Drupal Features Module Remote Denial of Service Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A remote denial of service vulnerability exists in the Drupal Features module, which could be exploited by remote attackers to submit a special request for a denial of...

Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

This module enables you to organize and export configuration data. The module doesn't sufficiently protect the admin/structure/features/cleanup path with a token. If an attacker can trick an admin with the "manage features" permission to request a special URL, it could lead to clearing the cache...

CVE-2013-7067

Summary of CVE-2013-7067 (Drupal OG Features module): The vulnerability affects the Drupal OG Features module (version 6.x-1.x prior to 6.x-1.4). The module does not properly override pages when an access callback is explicitly set to FALSE, allowing remote attackers to bypass intended access res...