Unrated severityNVD Advisory· Published Jul 8, 2009· Updated Jun 16, 2026
CVE-2009-2374
CVE-2009-2374
Description
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- drupal.org/node/507572nvdPatchVendor Advisory
- osvdb.org/55524nvdBroken LinkPatch
- secunia.com/advisories/35657nvdThird Party Advisory
- secunia.com/advisories/35681nvdThird Party Advisory
News mentions
0No linked articles in our index yet.