Lucene search

K
nessusThis script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98221
HistoryJun 20, 2018 - 12:00 a.m.

Drupal Coder Module Deserialization RCE

2018-06-2000:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
113

The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the Coder module, specifically in file coder_upgrade.run.php, due to improper validation of user-supplied input to the unserialize() function. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary PHP code.

No source data