VDB
GCVE-110-MAGEIA-2015-121
GCVE-110-MAGEIA-2015-121
Advisory Published
Password reset URLs can be forged under certain circumstances, allowing an
attacker to gain access to another user's account without knowing the
account's password (CVE-2015-2559).
Under certain circumstances, malicious users can construct a URL that will
trick users into being redirected to a 3rd party website, thereby exposing
the users to potential social engineering attacks. In addition, several
URL-related API functions in Drupal 6 and 7 can be tricked into passing
through external URLs when not intending to, potentially leading to
additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | drupal | 7.35-1.mga4 (unaffected), 0 (affected), 0 (affected), 7.35-1.mga4 (unaffected) | — |
| Mageia | preload | 0 (affected), 0.6.4-7.1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.