Code-Authors Welcome Guest | Login or Register

Guardian · *Tuesday 15 Jan 2008* | *Guardian* | *Drupal*

TITLE:
Drupal Meta Tags Module Arbitrary Code Execution

SECUNIA ADVISORY ID:
SA28478

VERIFY ADVISORY:
http://secunia.com/advisories/28478/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Drupal Meta Tags Module 5.x
http://secunia.com/product/17200/

DESCRIPTION:
A vulnerability has been reported in the Meta Tags module for Drupal,
which can be exploited by malicious users to compromise a vulnerable
system.

The vulnerability is caused due to an error within the handling of
nodes. This can be exploited to execute arbitrary code by creating
specially crafted nodes containing image files.

Successful exploitation requires that images are allowed in the
created node.

The vulnerability is reported in version 5.x-1.6.

SOLUTION:
Update to version 5.x-1.7.
http://ftp.drupal.org/files/projects/nodewords-5.x-1.7.tar.gz

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://drupal.org/node/209759

Code-Authors Welcome Guest | Login or Register

[Drupal] Drupal Meta Tags Module Arbitrary Code Executio

Search

Categories

Archives

Pages