Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

Drupal is prone to an arbitrary PHP code-execution and an information-disclosure vulnerability.

An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server and obtain sensitive information that may aid in launching further attacks.

Versions prior to Drupal 7.16 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus