Drupal Panels Module 6.x PHP Code Execution Vulnerability

2010-05-21T00:00:00
ID SSV:19674
Type seebug
Reporter Root
Modified 2010-05-21T00:00:00

Description

A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.

Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires "create mini panels" permissions.

The vulnerability is reported in versions prior to 6.x-3.4.

Drupal Panels Module 6.x Update to version 6.x-3.4.

SA-CONTRIB-2010-059: http://drupal.org/node/803952