- Advisory ID: DRUPAL-SA-CONTRIB-2013-016
- Project: Banckle Chat (third-party module)
- Version: 7.x
- Date: 2013-February-13
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Access bypass
This module enables you to chat with the visitors of your web site.
The module doesn't sufficiently check access to its admin pages.
This vulnerability is not mitigated.
CVE identifier(s) issued
- All Banckle Chat 7.x-1.x versions.
Drupal core is not affected. If you do not use the contributed Banckle Chat module, there is nothing you need to do.
Uninstall the module.
Also see the Banckle Chat project page.
- Wale Adesanya
- Lau Futtrup Rasmussen
- Gerhard Killesreiter of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.