drupal

2008-11-16

Page content

Author: Miklos Vajna
Vulnerable: 5.11-1solaria1
Unaffected: 5.12-1solaria1

A vulnerability has been reported in Drupal, which can potentially be exploited by malicious, local users to gain escalated privileges. Input passed to unspecified parameters is not properly verified before being used to include files. This can be exploited to include specially named files from local resources and potentially escalate privileges. Successful exploitation requires that the web server is configured to use virtual hosts.

Bug Tracker URL: http://bugs.frugalware.org/task/3419

CVEs:

No CVE for this issue, see http://drupal.org/node/324833