FreeBSD : drupal -- multiple vulnerabilities (40a0185f-ec32-11da-be02-000c6ec775d9)
High Nessus Plugin ID 21647
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The Drupal team reports:
Vulnerability: SQL injection
A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.
Vulnerability: Execution of arbitrary files
Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your 'files' directory to protect you.
Solution
Update the affected package.