System compromise in Drupal Live CSS

Posted: January 22, 2013 in Vulnerabilities
Tags: Drupal Live CSS, system compromise, vulnerability

System compromise

Vulnerability: System compromise in Drupal Live CSS

Danger: Average
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected products: Drupal Live CSS Module 6.x
Drupal Live CSS Module 7.x

Affected versions: Live CSS module for Drupal 6.x-2.1, perhaps the only one.
Live CSS module for Drupal 7.x-2.7, perhaps the only one.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to insufficient checks for file uploads. A remote user can upload a file with an arbitrary extension containing PHP code and execute it on the system.

Successful exploitation requires that you must have permission ‘administer CSS’.

Manufacturer : https://malwarelist.net/2012/10/13/drupal-content-management-system/

Solution: Install the latest version from the manufacturer.

links:

http://drupal.org/node/1890318

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook