Drupal FileField Source Module < 6.x-1.2 Arbitrary Code Execution
Medium Nessus Network Monitor Plugin ID 5636
Synopsis
The remote web server is hosting a web application that is vulnerable to a remote code execution attack.
Description
The remote web server hosts a Drupal install that uses the FileField Sources module.
Versions of FileField Sources earlier than 6.x-1.2 are potentially affected by a remote code execution vulnerability because the application fails to properly sanitize the file extensions of files that have been transferred from remote servers.
Solution
Upgrade to Drupal FileField Sources module 6.x-1.2 or later.