Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By Heine on
- Advisory ID: DRUPAL-SA-2008-008
- Project: Meta tags / Nodewords (third-party module)
- Version: 5.x-1.6
- Date: 2008-January-14
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Description
The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server.
Versions affected
- Meta tags for Drupal 5.x, version Metatags 5.x-1.6
Drupal core is not affected. If you do not use the contributed Meta tags module, there is nothing you need to do.
Solution
Install the latest version:
- If you use Drupal 5.x upgrade to Meta tags 5.x-1.7.
See also the Meta tags project page.
Reported by
Robrecht Jacques, the Meta tags maintainer.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.