Drupal

Ver
Links

Published by developsite on sab, 10/24/2009 - 01:36

TITLE:
Drupal FileField Module Security Bypass

SECUNIA ADVISORY ID:
SA37130

VERIFY ADVISORY:
http://secunia.com/advisories/37130/

DESCRIPTION:
A vulnerability has been reported in the FileField module for Drupal.
This can be exploited by malicious users to bypass certain security
restrictions.

An error in the module does not properly restrict access to files in
Drupal core's private file system, which can be exploited to access
otherwise restricted files.

The vulnerability is reported in version 6.x-3.1.

SOLUTION:
Update to version 6.x-3.2.
http://drupal.org/node/609874

PROVIDED AND/OR DISCOVERED BY:
The vendor credits isaac77.