Drupal Fill PDF Module Security Bypass and Arbitrary Code Execution Vulnerabilities
BID:51288
| Bugtraq ID: | 51288 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1625 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 05 2012 12:00AM |
| Updated: | Sep 21 2012 04:20PM |
| Credit: | Christian Johansson and Liam Morland |
| Vulnerable: | Drupal Fill PDF 7.x-1.1; Drupal Fill PDF 6.X-1.3 |
| Not Vulnerable: | Drupal Fill PDF 7.x-1.2; Drupal Fill PDF 6.x-1.16 |
Discussion
The Fill PDF module for Drupal is prone to a security-bypass vulnerability and an arbitrary-code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.
Attackers can exploit these issues to execute arbitrary code in the context of the webserver and bypass security restrictions to perform unauthorized actions. Other attacks are also possible.
The following Fill PDF module versions are vulnerable:
Fill PDF 6.x-1.x versions prior to 6.x-1.16
Fill PDF 7.x-1.x versions prior to 7.x-1.2