By Heine on
- Advisory ID: DRUPAL-SA-2008-021
- Project: Live (third-party module)
- Version: 5.x
- Date: 2008-March-23
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
Description
The contributed module Live provides previews of content items while typing them.
Live is vulnerable to cross-site request forgery (CSRF), which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site.
Versions affected
- Live for Drupal 5.x before Live 5.x-0.1
Drupal core is not affected. If you do not use the contributed Live module, there is nothing you need to do.
Solution
Install the latest version:
- Upgrade to Live 5.x-0.1.
See also the Live project page.
Reported by
The Drupal Security Team.
Contact
The security contact for Drupal can be reached via email at security at drupal.org or via the form at http://drupal.org/contact.