Home > Content Management, File Inclusion > Drupal Theme Engine Local File Inclusion

Drupal Theme Engine Local File Inclusion

March 27th, 2009

Application: Drupal
Affected Version: prior to 5.16 and 6.x prior to 6.10.
Vendor’s URL: Drupal Theme Engine
Bug Type: Local File Inclusion
Risk Level: Critical

Solution:
Update to a fixed version or apply patches.

– Drupal 5.x –
Update to version 5.16:
http://ftp.drupal.org/files/projects/drupal-5.16.tar.gz

Patch for version 5.15:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch

– Drupal 6.x –
Update to version 6.10:
http://ftp.drupal.org/files/projects/drupal-6.10.tar.gz

Patch for version 6.9:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch

Content Management, File Inclusion

Comments are closed.