• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Drupal Project Issue Tracking Module Multiple Input Validation Vulnerabilities

The Project Issue Tracking module for Drupal is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include a cross-site scripting vulnerability as well as a vulnerability that allows attacker to upload arbitrary code.

Successfully exploiting these issues can allow an attacker to upload and execute arbitrary code in the context of the application. This may help the attacker steal cookie-based authentication credentials, and launch additional attacks.

Note that Drupal Core without this module is not affected by these issues.