drupal6-filefield

2010-05-17

Page content

Author: Miklos Vajna
Vulnerable: 6.x_3.2-1
Unaffected: 6.x_3.3-1locris1

A security issue has been reported in the FileField module for Drupal, which potentially can be exploited by malicious users to compromise a vulnerable system. The security issue exists due to improper creation of a default extension for a new file field when the field configuration page is not saved and can be exploited to upload arbitrary files to a directory inside the webroot. Successful exploitation may allow execution of arbitrary PHP code but requires “create” or “edit” permission for the file field.

Bug Tracker URL: http://bugs.frugalware.org/task/4207

CVEs:

No CVE references, see http://drupal.org/node/791050.