Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities

Drupal is prone to an arbitrary PHP code-execution and multiple access-bypass vulnerabilities.

An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid in launching further attacks.

The following versions are vulnerable:

Drupal 6.x versions prior to 6.27
Drupal 7.x versions prior to 7.18


 

Privacy Statement
Copyright 2010, SecurityFocus