Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Drupal FileField Source Module < 6.x-1.2 Arbitrary Code Execution



The remote web server is hosting a web application that is vulnerable to a remote code execution attack.


The remote web server hosts a Drupal install that uses the FileField Source module.

Versions of FileField Sources earlier than 6.x-1.2 are potentially affected by a remote code execution vulnerability because the application fails to properly sanitize the file extensions of files that have been transferred from remote servers.


Upgrade to Drupal FileField Sources module 6.x-1.2 or later.