// For flags

CVE-2012-4554

Drupal OpenID External Entity Injection

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

El módulo OpenID en Drupal v7.x antes de v7.16 permite a servidores OpenID remotos leer archivos arbitrarios mediante una declaración DOCTYPE manipulada en un archivo XRDS.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-08-21 CVE Reserved
  • 2012-11-11 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha4
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha5
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha6
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha7
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
dev
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc4
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.1
Search vendor "Drupal" for product "Drupal" and version "7.1"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.2
Search vendor "Drupal" for product "Drupal" and version "7.2"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.3
Search vendor "Drupal" for product "Drupal" and version "7.3"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.4
Search vendor "Drupal" for product "Drupal" and version "7.4"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.5
Search vendor "Drupal" for product "Drupal" and version "7.5"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.6
Search vendor "Drupal" for product "Drupal" and version "7.6"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.7
Search vendor "Drupal" for product "Drupal" and version "7.7"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.8
Search vendor "Drupal" for product "Drupal" and version "7.8"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.9
Search vendor "Drupal" for product "Drupal" and version "7.9"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.10
Search vendor "Drupal" for product "Drupal" and version "7.10"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.11
Search vendor "Drupal" for product "Drupal" and version "7.11"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.12
Search vendor "Drupal" for product "Drupal" and version "7.12"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.13
Search vendor "Drupal" for product "Drupal" and version "7.13"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.14
Search vendor "Drupal" for product "Drupal" and version "7.14"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.15
Search vendor "Drupal" for product "Drupal" and version "7.15"
-
Affected