Need a Drupal expert for fixing some issues
$10-30 USD
Paid on delivery
1 | High | No client or server-side input validation has been implemented. This test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. Thus a Cross-Site Scripting attack is possible in the application. | Open | Run Time Error | Patch throughout the application
2 | High | An I-Frame injection attack is possible in the application. | Open | Run Time Error | Patch throughout the application
3 | High | A Denial of Service (DoS) attack is possible in the application. | Open | Open | -
4 | High | The password is passed between the server and client in cleartext. It is possible for a malicious user to sniff the network and access the application and password. | Open | Open | -
5 | High | Malicious File Upload is possible in this application. | Open | Page Not Working | Patch throughout the application
6 | High | Upload module in the Public page. | Open | Page Not Working | -
7 | High | Session Hijacking is possible in this application. | Open | Open | -
8 | Medium | It is possible to access authenticated pages through the back button of the browser. The back button is enabled in the application. | Open | Open | Patch throughout the application
9 | Medium | Old versions of PHP, Drupal, jQuery and MySQL are used in the application. | Open | Open | -
10 | Medium | Banner Grabbing is an enumeration technique used to glean information about the computer systems on a network, server information and the services running on its open ports. | Open | Closed | -
11 | Medium | An old version of Bootstrap is used in the application. | Open | Open | -
12 | Medium | The application does not maintain a proper audit trail in which all user activities are logged. In case a malicious user tries to attack the application, the application will not be able to trace the attacker. | Open | Open | -
13 | Medium | It is possible to view the authenticated page from the cache option of the browser. | Open | Run Time Error | Patch throughout the application
14 | Low | User Enumeration is possible in the application. | Open | Closed
15 | Low | Email spamming is possible in the application. | Open | Open | Patch throughout the application
16 | Low | Password Complexity is not implemented properly in the application. | Open | Page Not Working | -
17 | Low | Password History is not maintained in the application. | Open | Page Not Working | -
18 | Low | The application has a provision to remember all user names that have logged in or tried to log in. Auto-fill is not disabled on login. Other fields can also display information, which can be misused by a malicious user. | Open | Open | -
19 | Low | The HTTP OPTIONS method is enabled in the application. | Open | Open | Patch throughout the application
Project ID: #25766935