FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- multiple vulnerabilities

Affected packages
drupal < 4.6.7

Details

VuXML ID 40a0185f-ec32-11da-be02-000c6ec775d9
Discovery 2006-05-18
Entry 2006-06-05

The Drupal team reports:

Vulnerability: SQL injection

A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.

Vulnerability: Execution of arbitrary files

Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.

References

CVE Name CVE-2006-2742
CVE Name CVE-2006-2743
URL http://drupal.org/node/65357
URL http://drupal.org/node/65409