Need a Drupal expert for fixing some issue

Closed Posted 3 years ago Paid on delivery

1 | High | No client or server-side input validation has been implemented. This test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. Thus a Cross-Site Scripting attack is possible in the application. | Open | Run Time Error | Patch throughout the application
2 | High | I-Frame injection attack is possible in the application. | Open | Run Time Error | Patch throughout the application
3 | High | Denial of Service (DOS) attack is possible in the application. | Open | Open | -
4 | High | The password between the server and client is passed in cleartext. It is possible for a malicious user to sniff into the network and access the application and password. | Open | Open | -
5 | High | Malicious File Upload is possible in this application. | Open | Page Not Working | Patch throughout the application
6 | High | Upload module in the Public page. | Open | Page Not Working | -
7 | High | Session Hijacking is possible in this application. | Open | Open | -
8 | Medium | It is possible to access authenticated pages through the back button of the browser. The back button is enabled in the application. | Open | Open | Patch throughout the application
9 | Medium | Old versions of PHP, Drupal, jQuery and MySQL are used in the application. | Open | Open | -
10 | Medium | Banner Grabbing is an enumeration technique used to glean information about the computer systems on a network, server information and the services running on its open ports. | Open | Closed | -
11 | Medium | The old version of Bootstrap is used in the application. | Open | Open | -
12 | Medium | The application does not maintain an audit trail properly, where all user activities have to be logged. In case a malicious user tries to attack the application, the application will not be able to trace the attacker. | Open | Open | -
13 | Medium | It is possible to view the authenticated page from the cache option of the browser. | Open | Run Time Error | Patch throughout the application
14 | Low | User Enumeration is possible in the application. | Open | Closed
15 | Low | Email-Spamming is possible in the application. | Open | Open | Patch throughout the application
16 | Low | Password Complexity is not implemented properly in the application. | Open | Page Not Working | -
17 | Low | Password History is not maintained in the application. | Open | Page Not Working | -
18 | Low | The application has the provision to remember all user names that have logged in or tried to log in. Auto-fill is not disabled on login. Other fields can also display information, which can be misused by a malicious user. | Open | Open | -
19 | Low | HTTP method (OPTIONS) is enabled in the application. | Open | Open | Patch throughout the application

Drupal PHP JavaScript HTML CSS

Project ID: #25766935

About the project

2 proposals Remote project Active 3 years ago