Drupal ImageField Module Multiple Security Vulnerabilities
BID:39955
Info
| Bugtraq ID: | 39955 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2010 12:00AM |
| Updated: | May 06 2010 10:02PM |
| Credit: | vb1 |
| Vulnerable: | Drupal ImageField Module 6.x-3.2 |
| Not Vulnerable: | Drupal ImageField Module 6.x-3.3 |
Discussion
The ImageField module for Drupal is prone to multiple vulnerabilities, including a security-bypass issue and an unspecified issue related to file extensions.
Attackers can exploit these issues to bypass security restrictions and obtain potentially sensitive information; other attacks may also be possible.
Versions prior to ImageField 6.x-3.3 are vulnerable.
Exploit / POC
Attackers can exploit these issues through a browser.
Solution / Fix
Solution:
The vendor has released fixes and an advisory. Please see the references for details.
Drupal ImageField Module 6.x-3.2
- Drupal imagefield-6.x-3.3.tar.gz
  http://ftp.drupal.org/files/projects/imagefield-6.x-3.3.tar.gz