Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
BID:52811
Info
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
| Bugtraq ID: | 52811 |
| Class: | Access Validation Error |
| CVE: |
CVE-2012-2073 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Aug 16 2012 01:20PM |
| Credit: | David Rothstein |
| Vulnerable: |
Drupal Bundle copy 7.x-1.0 |
| Not Vulnerable: |
Drupal Bundle copy 7.x-1.1 |
Discussion
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
The Drupal Bundle Copy module is prone to an arbitrary PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver.
Bundle Copy 7.x-1.x versions prior to 7.x-1.1 are vulnerable.
The Drupal Bundle Copy module is prone to an arbitrary PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver.
Bundle Copy 7.x-1.x versions prior to 7.x-1.1 are vulnerable.
Exploit / POC
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Drupal Bundle Copy Module Arbitrary PHP Code Execution Vulnerability
References:
References:
- Bundle Copy Homepage (Drupal)
- Drupal Homepage (Drupal)
- SA-CONTRIB-2012-046 - Bundle Copy - Arbitrary Code execution (Drupal)