CVE-2007-1035

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

Link	Resource
http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
http://drupal.org/node/119385	Patch Vendor Advisory
http://www.securityfocus.com/bid/22587	Patch
http://osvdb.org/35161
http://www.vupen.com/english/advisories/2007/0635
https://exchange.xforce.ibmcloud.com/vulnerabilities/32542

Configuration 1

cpe:2.3:a:drupal:mediafield_module:*:*:*:*:*:*:*:* cpe:2.3:a:drupal:getid3:1.7.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:audio_module:*:*:*:*:*:*:*:*

---

Published : 2007-02-21 11:28

Updated : 2017-07-29 01:30

---

NVD link : CVE-2007-1035

Mitre link : CVE-2007-1035

Audio Module

Drupal

NVD-CWE-Other