| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Header image - Access bypas http://forum.scoutnet.be/viewtopic.php?f=19&t=2074 |
Pagina 1 van 1 |
| Auteur: | jorisp [ 14 Feb 2008 11:13 ] |
| Titel: | [Drupal] Security announcements: Header image - Access bypas |
------------SA-2008-017 - HEADER IMAGE - ACCESS BYPASS------------ * Advisory ID: DRUPAL-SA-2008-017 * Project: Header image (third-party module) * Version: 5.x-1.0 * Date: 2008-February-13 * Security risk: Not critical * Exploitable from: Remote * Vulnerability: Access bypass ------------DESCRIPTION------------ The Header image module allows sites to display an image on selected pages based on the node id, path, taxonomy, node type, containing book or the result of PHP code. The module contains a vulnerability where access to the module's administration pages is granted to any user, including the anonymous user. ------------VERSIONS AFFECTED------------ * All versions prior to header image 5.x-1.1 Drupal core is not affected. If you do not use the contributed Header image module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * Header image 5.x-1.1 [ http://drupal.org/node/203444 ]. See also the Header image project page [ http://drupal.org/project/headerimage ]. ------------REPORTED BY------------ Erik Stielstra [ http://drupal.org/user/73854 ], the Header image module maintainer. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|