Drupal Fill PDF Module Security Bypass and Arbitrary Code Execution Vulnerabilities

The Fill PDF module for Drupal is prone to a security-bypass vulnerability and an arbitrary-code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the context of the web server and to bypass security restrictions to perform unauthorized actions. Other attacks are also possible.

The following Fill PDF module versions are vulnerable:
Fill PDF 6.x-1.x versions prior to 6.x-1.16
Fill PDF 7.x-1.x versions prior to 7.x-1.2
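
The affected-version list above can be turned into an inventory check. The following is an added example, not code from the advisory or from the Fill PDF project; it assumes the installed version is read from a version line in the module's .info file, and the sample .info content is constructed.

```python
import re

# First fixed patch level per (core, major) branch, from the advisory above.
FIXED = {("6", "1"): 16, ("7", "1"): 2}

# Drupal contrib version: <core>.x-<major>.<patch>[-extra], e.g. 7.x-1.2-beta1;
# dev snapshots use "x" as the patch level, e.g. 7.x-1.x-dev.
VERSION_RE = re.compile(r"^(\d+)\.x-(\d+)\.(\d+|x)(?:-([A-Za-z0-9.]+))?$")

# Assumption: the module's .info file carries a packaged version = "..." line.
INFO_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.MULTILINE)

# Constructed sample .info content, not taken from a real installation.
SAMPLE_INFO = 'name = Fill PDF\ncore = 7.x\nversion = "7.x-1.1"\n'


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for a Fill PDF version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    core, major, patch, extra = m.groups()
    fixed_patch = FIXED.get((core, major))
    if fixed_patch is None or patch == "x":
        # Branch not listed in the advisory, or a dev snapshot: review by hand.
        return "unknown"
    # Compare patch levels as integers: as strings, "9" would sort after "16".
    if int(patch) < fixed_patch:
        return "vulnerable"
    if int(patch) == fixed_patch and extra:
        # Assumption: a pre-release tag of the fixed version counts as prior to it.
        return "vulnerable"
    return "fixed"


def classify_info(info_text):
    """Classify the version declared in the text of a .info file."""
    m = INFO_RE.search(info_text)
    return classify(m.group(1)) if m else "unknown"


if __name__ == "__main__":
    for v in ("6.x-1.9", "6.x-1.16", "7.x-1.2-beta1", "7.x-1.x-dev"):
        print(v, classify(v))
    print("sample .info:", classify_info(SAMPLE_INFO))
```

A result of "unknown" means the version string could not be placed against the advisory's ranges and the installation should be checked by hand.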


 

Copyright 2010, SecurityFocus