- Advisory ID: DRUPAL-SA-2008-008
- Project: Meta tags / Nodewords (third-party module)
- Version: 5.x-1.6
- Date: 2007-January-14
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server.
- Meta tags for Drupal 5.x, version Metatags 5.x-1.6
Drupal core is not affected. If you do not use the contributed Meta tags module, there is nothing you need to do.
Install the latest version:
- If you use Drupal 5.x upgrade to Meta tags 5.x-1.7.
See also the Meta tags project page.
Robrecht Jacques, the Meta tags maintainer.
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.