26 matches found
EUVD-2026-15423
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917
The Drupal Login Disable module is reported to allow login without the required access key via the HTTP request login route: the module does not check the access key on that route, enabling login without the key. This vulnerability is described in OSV-DRUPAL-CONTRIB-2026-008 and PT-2026-6544; no ...
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
Drupal Login Disable 安全漏洞
Drupal Login Disable is an extension module for the Drupal content management system designed to restrict or disable user login functionality. Versions of Drupal Login Disable prior to 2.1.3 contained a security vulnerability; this vulnerability stemmed from using alternative paths or channels to...
PT-2026-6544
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: http://example.com/user/login?admin If they provide the access key and have a specific role they can log in. The module does not check for...
EUVD-2024-51521
Malicious code in bioql PyPI...
CVE-2024-13309
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
CVE-2024-13309
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
CVE-2024-13309
CVE-2024-13309 affects the Drupal Login Disable module (versions 2.0.0–2.1.1). The root cause is improper authentication/incorrect access control, enabling a bypass of login protection intended by the module. The vulnerability could allow an attacker to log in or bypass restrictions for existing ...
CVE-2024-13309 Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
CVE-2024-13309 Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Login Disable versions 2.0.0 through 2.1.1 that stems from an incorrect authentication vulnerability...
DRUPAL-CONTRIB-2024-073
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to by-pass...
Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to by-pass...
Drupal Login Disable module 2.0.0-2.1.0 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by e5sego in WordPress Module Login Disable versions 2.0.0-2.1.0...
CVE-2024-30262
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...
PT-2023-24960 · Unknown · Wifi Soft Unibox Administration
Name of the Vulnerable Software and Affected Versions: Wifi Soft Unibox Administration versions 3.0 through 3.1 Description: The issue arises from the lack of validation or sanitization of user input in the username field of the login page, leading to SQL Injection. This allows attackers to injec...