Drupal: Fill PDF – Multiple vulnerabilities

Salvus Alerting

Information At A Glance

Source: http://drupal.org/node/1394428
Version/Dependency: 6.x, 7.x
Developer: drupal.org/project/fillpdf
Severity: Moderately Critical

Summary:
Two vulnerabilities have been reported in the Fill PDF module for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
1) An error due to a missing argument in the “fillpdf_merge_pdf()” function in fillpdf.module can be exploited to bypass the authorization mechanism via a specially crafted web request. This vulnerability is reported in versions prior to 7.x-1.2.

2) Input passed via imported templates is not properly sanitized in the “fillpdf_form_export_decode()” function in fillpdf.admin.inc before being used in an “eval()” call. This can be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires the “administer PDFs” permission. This vulnerability is reported in versions prior to 6.x-1.16 and versions prior to 7.x-1.2.
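As an added illustration of the pattern behind issue 2 (this is not the Fill PDF module's own code; the function names, field names and JSON import format are assumed), a template decoder that hands the imported string to eval() is shown beside a hardened version that parses a data format and validates the result instead of executing it:

```php
<?php
// Illustrative only: assumed names and format, not the Fill PDF module's code.

// Unsafe pattern: the import string is treated as PHP source, so whoever can
// submit a template (here, a user with the "administer PDFs" permission)
// controls what the server executes.
function template_decode_unsafe(string $import): array {
    $form = array();
    eval($import);   // expected to set $form, but runs whatever was imported
    return $form;
}

// Hardened pattern: parse a structured format (JSON, assumed here), never
// execute it, and keep only the fields the module actually understands.
function template_decode_safe(string $import): array {
    $data = json_decode($import, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Template import must be a JSON object.');
    }
    // Allow-list of accepted keys and their expected PHP types (assumed schema).
    $allowed = array('title' => 'string', 'fields' => 'array');
    $form = array();
    foreach ($allowed as $key => $type) {
        if (!array_key_exists($key, $data)) {
            continue;
        }
        if (gettype($data[$key]) !== $type) {
            throw new InvalidArgumentException("Field '$key' must be of type $type.");
        }
        $form[$key] = $data[$key];
    }
    return $form;
}

// Constructed sample import: a well-formed template and a malformed one.
$good = '{"title":"Invoice","fields":{"name":"customer_name"}}';
$bad  = '{"title":["not","a","string"]}';

var_dump(template_decode_safe($good));   // title and fields preserved
try {
    template_decode_safe($bad);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The safe decoder rejects anything that is not data in the expected shape, so a malformed or hostile import fails closed rather than running as code.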
Fix:
If you use the Fill PDF module for Drupal 6.x, upgrade to Fill PDF 6.x-1.16. If you use the Fill PDF module for Drupal 7.x, upgrade to Fill PDF 7.x-1.2.
Disclaimer: Salvus Alerting provides timely industry-related information to customers within its subscriber community for informational purposes only and makes every effort to distribute accurate and reliable information. Salvus Alerting disclaims all warranties with regard to the information and/or the services being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information and/or the services being provided. Use of this information is covered under the subscriber terms and conditions agreement. Salvus Systems and Salvus Alerting are wholly owned and operated by FactNgN, LLC. Salvus Alerting is not responsible for content on advertisers' sites.