PT-2013-6023 · Drupal · Drupal

Published 2013-11-30 · Updated 2014-01-14 · CVE-2013-6385

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Drupal versions 6.x before 6.29
Drupal versions 7.x before 7.24

Description

The issue affects the form API in Drupal, potentially allowing remote attackers to trigger application-specific impacts, such as arbitrary code execution, via application-specific vectors when used with unspecified third-party modules. This occurs because the form API performs form validation even when CSRF validation has failed.

Recommendations

For Drupal 6.x, update to version 6.29 or later.
For Drupal 7.x, update to version 7.24 or later.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-6385
DSA-2804-1
DSA-2828-1
MGASA-2013-0359

Affected Products

Drupal