Arbitrary file uploads via BlogAPI in Drupal

#VU539 Arbitrary file uploads via BlogAPI in Drupal

Cybersecurity Help s.r.o.

Published: 2016-09-19 | Updated: 2017-02-17

Vulnerability identifier: #VU539

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Drupal
Web applications / CMS

Vendor: Drupal

Description
The vulnerability allows a remote user to download harmful files to compromise the target system.
The weaness is caused by improper validation of uploaded files extension by BlogAPI module that allows attackers to insert certain files or data.
Successful exploitation of the vulnerability may result in malicious files uploading and vulnerable system compromising.

Mitigation
Update 5.x to 5.10.
http://ftp.drupal.org/files/projects/drupal-5.10.tar.gz
Update 6.x to 6.4.
http://ftp.drupal.org/files/projects/drupal-6.4.tar.gz

Vulnerable software versions

Drupal: 6.0 - 6.3, 5.0 - 5.9

External links
http://www.drupal.org/node/295053

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arbitrary file uploads via BlogAPI in Drupal Drupal