Reference: CERT-EU Security Advisory 2016-128

================== FOR INTERNAL USE ONLY =================

Short Summary
-------------

The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.

Drupal Webform Multiple File Upload Module Remote Code Execution Vulnerability

Bugtraq ID:      91749
CVE:             CVE-MAP-NOMATCH
Published:       Jul 13 2016
Last Update:     07/13/2016 6:17:16 PM GMT
Remote:          Yes
Local:           No
Credibility:     Vendor Confirmed
Classification:  Input Validation Error
Ease:            No Exploit Available
Availability:    Always
Authentication:  Not Required

CVSS Version 2 Scores
  CVSS2 Base:             10
  CVSS2 Temporal:         7.4
  CVSS2 Base Vector:      AV:N/AC:L/Au:N/C:C/I:C/A:C
  CVSS2 Temporal Vector:  E:U/RL:OF/RC:C

CVSS Version 1 Scores
  CVSS1 Base:             10
  CVSS1 Temporal:         7.4

NVD CVSS2 Base Score:        7.5
NVD CVSS2 Component String:  AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact:          10
Severity:        10
Urgency Rating:  8.2
Last Change:     Initial analysis.

Impact
------

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Technical Description
---------------------

Webform Multiple File Upload is a module for the Drupal content management system.

The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability. Specifically, this issue occurs because the module fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Note: Successfully exploiting this issue requires that the attacker be able to submit a Webform containing a Multiple File Input field.

Webform Multiple File Upload module 7.x-1.x versions prior to 7.x-1.4 are vulnerable.

Attack Scenarios
----------------

1. An attacker locates a computer hosting the vulnerable application.
2. The attacker crafts a malicious file sufficient to trigger this issue and sends it to the affected application.
3. When the application processes the file, the issue is triggered.

Solutions
---------

Updates are available. Please see the references or vendor advisory for more information.

Vulnerable Systems
------------------

Drupal Webform Multiple File Upload 7.x-1.0   cpe:/a:drupal:webform_multiple_file_upload:7.x-1.0   SYMC
Drupal Webform Multiple File Upload 7.x-1.1   cpe:/a:drupal:webform_multiple_file_upload:7.x-1.1   SYMC
Drupal Webform Multiple File Upload 7.x-1.2   cpe:/a:drupal:webform_multiple_file_upload:7.x-1.2   SYMC
Drupal Webform Multiple File Upload 7.x-1.3   cpe:/a:drupal:webform_multiple_file_upload:7.x-1.3   SYMC

References
----------

Advisory: Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-201 (Drupal)
  https://www.drupal.org/node/2765573
Web Page: Drupal Homepage (Drupal)
  http://drupal.org/

===============================================================
This is an automatic alert service based on Symantec Deepsight.
It is intended only for the use of CERT-EU Constituency.
===============================================================
CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383