6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.7%
CVE: CVE-2012-1625
This module enables you to populate fillable PDF templates with data from nodes and webforms.
Incorrectly-ordered arguments in a call to the function that handles the main functionality of the module makes it possible for an attacker to trigger any PDF to be filled, regardless of whether they have access to the node/webform or not, by passing an appropriately-formed query string argument.
This vulnerability is mitigated by the fact that an attacker can only access configured PDF templates, that the attacker must know (or brute-force) the node or webform IDs, and that only information that is configured to be filled into the PDFs (and the filled PDF templates themselves) can be obtained through this exploit.
The template importing and exporting used serialized PHP which required the use of an unsafe PHP function to evaluate and import templates, which could lead to execution of unwanted and untrusted code. This vulnerability is mitigated by the fact that the attacker must have the ‘administer PDFs’ permission.
Drupal core is not affected. If you do not use the contributed Fill PDF module, there is nothing you need to do.
Install the latest version:
See also the Fill PDF project page.
drupal.org/contact
drupal.org/node/1394066
drupal.org/node/1394070
drupal.org/project/fillpdf
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/user/204187
drupal.org/user/493050
drupal.org/user/53892
drupal.org/user/739994
drupal.org/writing-secure-code