|
30-06-05, 11:00 AM
| |||
| |||
 Drupal PHP Code Execution Vulnerabilities
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error in the XML-RPC library can be exploited to execute arbitrary PHP code. The PEAR XML-RPC module has been upgraded on all servers, but you are advised to upgrade to version 4.5.4, or 4.6.2, or later. 2) An input validation error in the filter mechanisms can be exploited to execute arbitrary PHP code via a specially crafted comment or posting. The vulnerability has been reported in version 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0 and 4.6.1. Solution: Update to version 4.5.4, or 4.6.2, or later.      |
 |
| Tags |
| code, drupal, execution, php, vulnerabilities |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution | niall | Security Notices | 0 | 17-08-05 11:41 AM |
| Drupal XML-RPC PHP Code Execution Vulnerability | niall | Security Notices | 0 | 17-08-05 11:39 AM |
| phpAdsNew XML-RPC PHP Code Execution Vulnerability | niall | Security Notices | 0 | 01-07-05 10:05 AM |
| Serendipity XML-RPC Unspecified PHP Code Execution Vuln. | niall | Security Notices | 0 | 30-06-05 10:57 AM |
| PostNuke XML-RPC Library PHP Code Execution Vulnerability | niall | Security Notices | 0 | 30-06-05 10:53 AM |
Linear Mode
