Best Of

Highly Critical Security Flaws In Drupal Audio Module

I have discovered several critical security flaws in the Drupal Audio module, one of which could allow anyone to upload and execute arbitrary code. The issues all stem from the getID3 library, an open source package used by the Audio module to read metadata from files. Included with the library are a set of demo files which, when properly manipulated, can be used to read, delete, upload, and run files without permission.

... Read the rest of this post!

Posted by John on 2007-02-15
Syndicate content