webform_multifile 6.x-1.4

Release notes

The Webform Multifile File Upload module contains a Remote Code Execution (RCE) vulnerability: form inputs are unserialized, and a specially crafted form input may trigger arbitrary code execution, depending on the libraries available on a site.

This vulnerability is mitigated by the fact that an attacker must have the ability to submit a Webform with a Multiple File Input field. Further, a site must have a class defined whose methods invoked at wake-up or destruction include code that can be leveraged for malicious purposes (Drupal 7 Core contains one such class, which can be used to delete arbitrary files).
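The input shape described above can be looked for in logged or replayed form submissions. The following is an added example, not code from the module or from Drupal: it walks PHP serialize() data field by field and reports the class names of any embedded objects, so a string that merely contains object-like text is not flagged. The field names, class names and sample body are constructed for illustration.

```python
from contextlib import suppress
from urllib.parse import parse_qsl, urlencode

def _num(buf, pos):  # read '<digits>:' at pos -> (value, next position)
    end = buf.index(b":", pos)
    if not buf[pos:end].isdigit():
        raise ValueError("bad length")
    return int(buf[pos:end]), end + 1

def _eat(buf, pos, lit):  # require literal bytes at pos -> next position
    if buf[pos:pos + len(lit)] != lit:
        raise ValueError("malformed")
    return pos + len(lit)

def _walk(buf, pos, found):
    """Step over one serialized value, recording object class names."""
    kind = buf[pos:pos + 1]
    if kind in (b"N", b"b", b"i", b"d", b"r", b"R"):  # scalar, ends at ';'
        return buf.index(b";", pos) + 1
    pos = _eat(buf, pos + 1, b":")
    n, pos = _num(buf, pos)
    if kind == b"s":                          # s:LEN:"bytes";
        return _eat(buf, _eat(buf, pos, b'"') + n, b'";')
    if kind in (b"O", b"C"):                  # O:LEN:"Class":COUNT:{...}
        start = _eat(buf, pos, b'"')
        found.append(buf[start:start + n].decode("latin-1"))
        n, pos = _num(buf, _eat(buf, start + n, b'":'))
    elif kind != b"a":                        # a:COUNT:{...}
        raise ValueError("unknown type")
    pos = _eat(buf, pos, b"{")
    if kind == b"C":                          # C:...:LEN:{LEN opaque bytes}
        return _eat(buf, pos + n, b"}")
    for _ in range(2 * n):                    # n key/value pairs
        pos = _walk(buf, pos, found)
    return _eat(buf, pos, b"}")

def scan_form(body):
    """Map field name -> class names of serialized objects in its value."""
    report = {}
    for name, value in parse_qsl(body, encoding="latin-1"):
        found = []
        with suppress(ValueError, RecursionError):  # not serialize() data
            _walk(value.encode("latin-1"), 0, found)
        if found:
            report[name] = found
    return report

# Constructed sample body; field and class names are made up.
SAMPLE = urlencode({"files": "a:1:{i:0;i:17;}", "note": 's:19:"O:8:"stdClass":0:{}";',
                    "upload": 'a:1:{i:0;O:12:"ExampleClass":0:{}}'})
```

Calling `scan_form(SAMPLE)` reports only the `upload` field; class names seen before a parse error are still reported, since a truncated value may already have named a class.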

Download                            Size        md5 hash
webform_multifile-6.x-1.4.tar.gz    99 KB       d4d16a14bca990696e51f89d7afb8290
webform_multifile-6.x-1.4.zip       105.44 KB   770342aad4f2187648b146b3f5870bd0
Last updated: July 13, 2016 – 07:53

Source: https://www.drupal.org/taxonomy/term/87/feed
