Vendor: | Tag1 Consulting |
---|---|
Product: | Coder Module for Drupal |
Affected Version(s): | <= 7.x-2.5, <= 7.x-1.2 |
Severity: | Critical |
Reference: | SA-CONTRIB-2016-039 |
Researcher: | Nicky Bloor (@NickstaDB) |
Description
The third-party ‘Coder’ module for the Drupal content management system had multiple vulnerabilities that could be combined to trigger the execution of arbitrary code on the target server. At the time of discovery this module was reportedly used by around 5,000 websites.
Remediation
Upgrade the module to at least version 7.x-1.3 or 7.x-2.6. Coder is a development module and should not be deployed to production environments.
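One way to audit a docroot against the versions above, as an added example that is not part of the original advisory or the Coder project. It assumes the module directory contains a `coder.info` file with the `version = "7.x-N.M"` line that drupal.org packaging writes; the function names and sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First fixed release per branch, from the advisory: 7.x-1.3 and 7.x-2.6.
FIXED_MINOR = {("7", 1): 3, ("7", 2): 6}
# Assumed packaging line in coder.info, e.g.: version = "7.x-2.5"
VERSION_RE = re.compile(r'^\s*version\s*=\s*"?(\d+)\.x-(\d+)\.(\d+)"?\s*$', re.M)

def classify(info_text):
    """Return (version, status) for the text of a coder.info file."""
    m = VERSION_RE.search(info_text)
    if not m:
        # Git checkouts and -dev/-beta builds carry no plain release number.
        return None, "unknown"
    core, major, minor = m.group(1), int(m.group(2)), int(m.group(3))
    version = f"{core}.x-{major}.{minor}"
    fixed = FIXED_MINOR.get((core, major))
    if fixed is None:
        return version, "unknown"  # branch not covered by the advisory
    return version, "vulnerable" if minor < fixed else "patched"

def scan(docroot):
    """Find every coder.info under docroot, whether or not the module is enabled."""
    results = []
    for info in sorted(Path(docroot).rglob("coder.info")):
        version, status = classify(info.read_text(errors="replace"))
        results.append((info.relative_to(docroot).as_posix(), version, status))
    return results

def demo():
    """Run the scan over a constructed docroot (sample data, not a real site)."""
    samples = {
        "sites/all/modules/coder/coder.info": 'name = Coder\nversion = "7.x-2.5"\n',
        "sites/default/modules/coder/coder.info": 'name = Coder\nversion = "7.x-1.3"\n',
        "sites/all/modules/dev/coder/coder.info": "name = Coder\ncore = 7.x\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True)
            path.write_text(text)
        return scan(root)

if __name__ == "__main__":
    for rel, version, status in demo():
        print(f"{status:10} {version or '-':10} {rel}")
```

On a production host any hit, including `patched` or `unknown`, is worth acting on, since the remediation above says the module should not be there at all.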