Rename Admin Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-033

Project: Rename Admin PathsVersion: 7.x-2.37.x-2.27.x-2.1Date: 2022-April-12Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The Rename Admin Path module provides additional security to Drupal sites by renaming the admin paths. The module has a vulnerability with allows attackers to bypass the protection by using specially crafted URLs.
The risk is mitigated by the fact that, even though the attacker can bypass the protection offered by this module, all regular permissions still apply.Solution: Install the latest version:

Only the 7.x version of the module is vulnerable. If you use the 8.x version, you do not have to take any action.Reported By: 

Fixed By: 

Coordinated By: 

Path to article