• Advisory ID: DRUPAL-SA-2008-004
• Project: Fileshare (third-party module)
• Version: 4.7.x, 5.x
• Date: 2008-January-10
• Security risk: Highly critical
• Exploitable from: Remote
• Vulnerability: Arbitrary code execution

Description

The fileshare module is used to create nodes that allow browsing, uploading, downloading and deleting of files from a fileshare directory that is created by Drupal and linked to the node.

Users who are able to create fileshare nodes are able to execute arbitrary code on the server.

Versions affected

All versions of Fileshare.

Drupal core is not affected. If you do not use the contributed Fileshare module, there is nothing you need to do.

Solution

Disable the Fileshare module and remove the module from your filesystem. There is no fixed version of Fileshare available. The project has been removed from Drupal.org.

Reported by

Magne Eimot.

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.