Drupal Scald File Module Remote Code Execution Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Scald File is one of the modules used to handle multimedia. A remote code execution vulnerability exists in the Drupal Scald File module, version 7.x-1.x prior to 7.x-1.2. An attacker...

Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015

When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, and also to have at least one of the thumbnail creati...