Drupal Arbitrary File Upload and Session Fixation Vulnerability

Source: Internet
Author: User
Tags: drupal

Affected versions:
Drupal 6.x: 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.9, 6.10, 6.11, 6.12, 6.13
Drupal 5.x: 5.0, 5.1, 5.1 revision 1.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11, 5.12, 5.13, 5.15, 5.16, 5.17, 5.18, 5.19
Vulnerability Description: Bugtraq ID: 36431

Drupal is an open source content management platform.
Drupal has multiple security vulnerabilities. An attacker can exploit them to upload arbitrary files to the server, hijack arbitrary sessions, and gain unauthorized access to the affected application.
The Drupal file API does not correctly process uploaded files that carry multiple extensions, which may allow uploaded files to be executed by Apache. A .htaccess file is saved to the Drupal files directory to prevent uploaded files from being executed; execution is only possible when the directives in that .htaccess file are ignored by the server configuration.
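The following is an added illustration of the filename-munging defence against multi-extension uploads (Apache's mod_mime can match a handler on any dotted part of a name, not just the last one). It is not Drupal's own code; the whitelist and the function names are constructed for this example.

```python
import re

# Extensions the site accepts for upload; constructed whitelist for this example.
ALLOWED_EXTENSIONS = ("jpg", "jpeg", "gif", "png", "txt", "pdf")

# Shape of something Apache could treat as an extension: 2-5 letters and an
# optional digit, e.g. "php", "php5", "phtml".
_EXT_RE = re.compile(r"^[a-zA-Z]{2,5}\d?$")


def munge_filename(filename, allowed=ALLOWED_EXTENSIONS):
    """Return a storage-safe name for an uploaded file.

    The basename and the final extension are kept. Every intermediate part
    that looks like an extension but is not whitelisted gets a trailing
    underscore, so "shell.php.txt" is stored as "shell.php_.txt" and the
    inner "php" can no longer be matched by a server-side handler.
    """
    allowed = {ext.lower() for ext in allowed}
    parts = filename.split(".")
    if len(parts) < 3:
        return filename  # nothing sits between basename and final extension
    basename, final = parts[0], parts[-1]
    middle = []
    for part in parts[1:-1]:
        if part.lower() not in allowed and _EXT_RE.match(part):
            part += "_"
        middle.append(part)
    return ".".join([basename, *middle, final])


def is_safe_to_store(filename, allowed=ALLOWED_EXTENSIONS):
    """Reject files whose final extension is not whitelisted; otherwise
    return the munged name. A name that changed is worth logging, since it
    means an inner executable-looking extension was neutralised."""
    final = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if final not in {ext.lower() for ext in allowed}:
        return False, filename
    return True, munge_filename(filename, allowed)
```

Munging only helps if the web server is also prevented from executing the directory's contents; when AllowOverride disables the files directory's .htaccess, the equivalent directives belong in the main server configuration.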
Drupal does not regenerate the session ID when an anonymous user follows the one-time login link used to confirm an e-mail address or to reset a forgotten password. In some cases this allows a malicious user to fixate and subsequently reuse the session ID of a targeted user.
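An added example, not Drupal's code, showing why the session ID must be regenerated when a one-time login link upgrades an anonymous session to an authenticated one. The in-memory session store, the user ID 42 and the handler names are constructed for this illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session table: session ID -> session data (constructed)."""

    def __init__(self):
        self.sessions = {}

    def start_anonymous(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"uid": 0}
        return sid

    def consume_login_link_vulnerable(self, sid, uid):
        """Pre-fix behaviour: the existing anonymous session is upgraded in
        place, so whoever already holds this ID is now logged in as uid."""
        self.sessions.setdefault(sid, {"uid": 0})["uid"] = uid
        return sid

    def consume_login_link_fixed(self, sid, uid):
        """Regenerate on privilege change: migrate the data to a fresh ID and
        drop the old one, so a pre-login ID learned by a third party is dead."""
        data = self.sessions.pop(sid, {"uid": 0})
        data["uid"] = uid
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = data
        return new_sid

    def uid_for(self, sid):
        return self.sessions.get(sid, {}).get("uid", 0)


def fixation_succeeds(login_handler):
    """Replay the advisory's scenario: a session ID exists before the target
    follows the one-time link; report whether that same ID is authenticated
    afterwards. True means the store is fixation-prone."""
    store = SessionStore()
    known_sid = store.start_anonymous()      # ID that predates the login
    login_handler(store, known_sid, 42)      # target consumes the link
    return store.uid_for(known_sid) == 42
```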
Reference:
http://drupal.org/node/579482/

Security suggestion: upgrade to the vendor's fixed release for your branch:
Drupal 5.x (5.0, 5.1, 5.1 revision 1.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11, 5.12, 5.13, 5.15, 5.16, 5.17, 5.18, 5.19): drupal-5.20.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.20.tar.gz
Drupal 6.x (6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.9, 6.10, 6.11, 6.12, 6.13): drupal-6.14.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.14.tar.gz
