Family: CGI abuses --> Category: infos
Drupal Arbitrary PHP Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version of Drupal
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to
arbitrary PHP code injection.
The version of Drupal installed on the remote host, according to its
version number, allows attackers to embed arbitrary PHP code when
submitting a comment or posting. Note that successful exploitation
requires that public comments or postings be allowed in Drupal.
See also :
Upgrade to Drupal version 4.5.4 / 4.6.2 or later.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.