PT-2012-3390 · Drupal · Fill Pdf

Kurt Seifried · Published 2012-09-20 · Updated 2012-09-20 · CVE-2012-1625

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Fill PDF module versions 6.x-1.x prior to 6.x-1.16
Fill PDF module versions 7.x-1.x prior to 7.x-1.2

Description

The issue allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code. This is due to an eval injection vulnerability in the fillpdf form export decode function.

Recommendations

For Fill PDF module version 6.x-1.x, update to version 6.x-1.16 or later.
For Fill PDF module version 7.x-1.x, update to version 7.x-1.2 or later.

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2012-1625

Affected Products: Fill Pdf