Vigil@nce - Drupal Hosting: privilege escalation
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create malicious content for Drupal Hosting, in
order to escalate his privileges.
– Impacted products: Drupal Modules not comprehensive.
– Severity: 2/4.
– Creation date: 18/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Hosting module can be installed on Drupal.
However, the access check for custom content created by users is
insufficient.
An attacker can therefore create malicious content for Drupal
Hosting, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Drupal-Hosting-privilege-escalation-20427