|
Family: CGI abuses --> Category: infos
Drupal Arbitrary PHP Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks version of Drupal
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to
arbitrary PHP code injection.
Description :
The version of Drupal installed on the remote host, according to its
version number, allows attackers to embed arbitrary PHP code when
submitting a comment or posting. Note that successful exploitation
requires that public comments or postings be allowed in Drupal.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=112015287827452&w=2
http://drupal.org/drupal-4.6.2
Solution :
Upgrade to Drupal version 4.5.4 / 4.6.2 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|