Drupal Module with holes

Submitted by root on Fri, 2008-05-16 08:16

The Drupal Site Documentation Module [1] bears a Security Sole that allows access to sensitive Data of your Drupal Installation says Secunia [2] and Drupal.org [3].

This Module displays Content of arbitrary Tables of Drupal's Database. This can be misused to get the Session-IDs of logged-in Users as well as Usernames, hashed Passwords and E-Mail Adresses.

It is recommended to upgrade to Version 6.x-1.1 [4] respective 5.x-1.8 [5].

Links:
[1] http://drupal.org/project/sitedoc
[2] http://secunia.com/advisories/30257/
[3] http://drupal.org/node/258547
[4] http://ftp.drupal.org/files/projects/sitedoc-6.x-1.1.tar.gz
[5] http://ftp.drupal.org/files/projects/sitedoc-5.x-1.8.tar.gz

Syndicate content