- Advisory ID: DRUPAL-SA-2008-015
- Project: Comment upload (third-party module)
- Version: 4.7.x, 5.x
- Date: 2007-January-30
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary file upload
Comment upload enables file attachments for comments. To do so it uses and subverts various functions from the upload module that are present in Drupal core. In certain, common cases, comment upload passes incorrect data to the upload validation functions, resulting in a validation bypass, which enables a user with the "upload files" permission to upload files with arbitrary extensions.
Using these files an attacker can perform cross site scripting attacks, and depending on the server configuration, may also be able to execute arbitrary code.
- Comment upload for Drupal 4.7.x prior to 4.7.x-0.1
- Comment upload for Drupal 5.x prior to 5.x-0.1
Drupal core is not affected. If you do not use the contributed comment upload module, there is nothing you need to do.
Install the latest version:
- If you use Drupal 4.7.x install comment upload 4.7.x-0.1
- If you use Drupal 5.x install comment upload 5.x-0.1
See also the Comment upload project page.
webernet reported an issue that was traced back by the security team to comment upload.
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.