On March 18, 2015 multiple vulnerabilities were discovered that affects Drupal versions 6 and 7. The specific affected versions are in any Version 6 prior to 6.35 and any version 7 prior to 7.35. This vulnerability allows attackers to forge password reset URLs and access accounts in which the attacker does not have the password to. Also, the next vulnerability allows specific redirect parameters after an action is taken on the page. This allows the page to be redirected to a third party website where social engineering hacks can be deployed.
For more information please see our News Alert:
InMotion Hosting was founded in 2001 and provides personal and business web hosting for everyone! For more information about InMotion Hosting and the services we provide see here:
Publisher: InMotion Hosting
You can watch this video also at the source.