FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- PHP code execution vulnerabilities

Affected packages
drupal < 4.6.2

Details

VuXML ID f241641e-f5ea-11d9-a6db-000d608ed240
Discovery 2005-06-29
Entry 2005-07-16

Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.

References

CVE Name CVE-2005-1921
CVE Name CVE-2005-2106
URL http://drupal.org/files/sa-2005-002/advisory.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.