PROBLEM:
Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
PLATFORM:
Drupal 6.x versions prior to 6.27
Drupal 7.x versions prior to 7.18
ABSTRACT:
Multiple vulnerabilities in Drupal core
REFERENCE LINKS:
SA-CORE-2012-004 - Drupal core
Bugtraq ID: 56993
Secunia Advisory SA51517
CVE-2012-5651
CVE-2012-5652
CVE-2012-5653
IMPACT ASSESSMENT:
Medium
DISCUSSION:
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid in launching further attacks.
IMPACT:
Drupal is prone to an arbitrary PHP code-execution vulnerability and multiple access-bypass vulnerabilities.
SOLUTION:
Install the latest version:
• If you use Drupal 6.x, upgrade to Drupal core 6.27.
• If you use Drupal 7.x, upgrade to Drupal core 7.18.
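To confirm which installations still need the upgrade, the following added example (not part of the original bulletin or of Drupal itself) reads the core VERSION constant from a docroot and compares it with the fixed releases listed above. It assumes the standard core layout, where 7.x defines VERSION in includes/bootstrap.inc and 6.x in modules/system/system.module; the function names are hypothetical, and treating a pre-release suffix on the fixed number as affected is a conservative assumption.

```python
import re
from pathlib import Path

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {6: 27, 7: 18}

# Assumed standard core layout: 7.x defines VERSION in bootstrap.inc,
# 6.x defines it in system.module.
VERSION_FILES = ("includes/bootstrap.inc", "modules/system/system.module")
DEFINE_RE = re.compile(r"define\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(-[A-Za-z0-9.]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-covered' or 'unknown' for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"          # e.g. '7.x-dev' cannot be compared numerically
    major, minor, suffix = int(m.group(1)), int(m.group(2)), m.group(3)
    if major not in FIXED:
        return "not-covered"      # the advisory lists only 6.x and 7.x
    if minor < FIXED[major]:
        return "affected"
    if minor == FIXED[major] and suffix:
        return "affected"         # conservative: '7.18-dev' is not the 7.18 release
    return "fixed"


def read_core_version(docroot):
    """Extract the VERSION constant from a Drupal docroot, or None if not found."""
    for rel in VERSION_FILES:
        path = Path(docroot) / rel
        if path.is_file():
            m = DEFINE_RE.search(path.read_text(errors="replace"))
            if m:
                return m.group(1)
    return None


def check_site(docroot):
    """Return (version, status) for one docroot."""
    version = read_core_version(docroot)
    return version, (classify(version) if version else "unknown")


if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, *check_site(root))
```

Run it with one or more docroot paths as arguments; a status of "unknown" means the version has to be checked by hand.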