FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal7 -- multiple vulnerabilities

Affected packages
drupal7 < 7.16


VuXML ID 2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5
Discovery 2012-10-17
Entry 2012-10-31

Drupal Security Team reports:

  1. Arbitrary PHP code execution

    A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original server.

  2. Information disclosure - OpenID module

    For sites using the core OpenID module, an information disclosure vulnerability was identified that allows an attacker to read files on the local filesystem by attempting to log in to the site using a malicious OpenID server.