Vulnerability: System compromise in Drupal Live CSS
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: System Compromise
Affected products: Drupal Live CSS Module 6.x
Drupal Live CSS Module 7.x
Affected versions: Live CSS module for Drupal 6.x-2.1, perhaps the only one.
Live CSS module for Drupal 7.x-2.7, perhaps the only one.
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused due to insufficient checks for file uploads. A remote user can upload a file with an arbitrary extension containing PHP code and execute it on the system.
Successful exploitation requires that you must have permission ‘administer CSS’.
Solution: Install the latest version from the manufacturer.