- Advisory ID: DRUPAL-SA-CONTRIB-2009-056
- Project: Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API (third-party modules)
- Version: 5.x, 6.x
- Date: 2009 Sept 9
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Description
Multiple vulnerabilities have been found in the following modules which have been abandoned. Their releases have been unpublished and it is recommended that they be disabled and un-installed if in use.
Modules
Drupal core is not affected. If you do not use any of these contributed modules, there is nothing you need to do.
Solution
There is no solution available. It is recommended that you disable any of the vulnerable modules if they are in use on your site.
Reported by
Node2Node - Ezra B. Gildesgame.
Quota by Role - Stéphane Corlosquet (*).
Subdomain manager and Rest API - Gerhard Killesreiter (*).
NodeBrowser - Jakub Suchy (*).
Persons marked with (*) are members of the Drupal security team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
