TITLE:
Drupal SQL Injection and Arbitrary File Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA20140

VERIFY ADVISORY:
http://secunia.com/advisories/20140/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
Drupal 4.x
http://secunia.com/product/342/

DESCRIPTION:
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct SQL injection attacks and by malicious users to potentially compromise a vulnerable system.

1) Input passed to unspecified parameters is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been reported in version 4.6.6 and prior, and in version 4.7.0 and prior.

2) Missing access restrictions on the "files" directories in certain configurations can be exploited to execute arbitrary files within the directory.

Successful exploitation requires that a ".htaccess" file has not been used to restrict access to the directory.

The vulnerability has been reported in all versions prior to 4.6.7, and in version 4.7.0.

SOLUTION:
Update to version 4.6.7 or 4.7.1.
http://drupal.org/project

PROVIDED AND/OR DISCOVERED BY:
1) Ayman Hourieh
2) milw0rm

ORIGINAL ADVISORY:
http://drupal.org/node/65357
http://drupal.org/node/65409

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
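As an added illustration of the mitigation behind item 2 (this is example code, not part of the Secunia advisory or of Drupal itself), the following POSIX shell functions check whether a Drupal "files" directory carries a .htaccess that stops Apache from executing uploaded files, and write one if it is missing. The handler name in the written file is an arbitrary, unregistered name: Apache serves a file with an unknown handler as static content instead of running it, and the directory path is supplied by the caller.

```shell
#!/bin/sh
# Audit helper for the "files" directory of a Drupal 4.x site.
# Prints "missing", "incomplete" or "ok" and returns a matching status.
check_files_htaccess() {
  dir="$1"
  ht="$dir/.htaccess"
  # No .htaccess at all: uploaded .php/.cgi files may be executed by Apache.
  [ -f "$ht" ] || { echo missing; return 1; }
  # An .htaccess exists but lacks the two directives that neutralise execution.
  if grep -q '^SetHandler' "$ht" && grep -q '^Options None' "$ht"; then
    echo ok
    return 0
  fi
  echo incomplete
  return 2
}

# Write a protective .htaccess into the given directory (overwrites an existing one).
write_files_htaccess() {
  dir="$1"
  ht="$dir/.htaccess"
  cat > "$ht" <<'EOF'
# Hand every file in this directory to a handler no module implements,
# so Apache falls back to serving it as a plain download instead of
# executing it as PHP or CGI.
SetHandler No_Such_Handler_Serve_As_Static
# Drop ExecCGI/Includes; keep only symlink following for normal serving.
Options None
Options +FollowSymLinks
EOF
}

# Stand-alone usage: audit the directory given as the first argument.
if [ -n "$1" ]; then
  check_files_htaccess "$1"
fi
```

The check only confirms the directives are present; it still assumes the server honours .htaccess for that path (AllowOverride includes FileInfo and Options), which is the other precondition the advisory's "certain configurations" refers to.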