Title: Drupal ImageCache Module Security Bypass and HTML Injection Vulnerabilities
Severity: HIGH
Description:
ImageCache is a module for setting image-processing presets for the Drupal content manager.
Since it fails to sanitize user-supplied input, the application is prone to the following vulnerabilities:
1. An HTML-injection issue affects user-supplied preset variables. Attackers require 'administer imagecache' privileges to exploit this issue.
2. A security-bypass issue allows unprivileged attackers to access an image if the private filesystem is enabled. The application fails to properly check access permissions to original images when generating derivatives.
Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions; other attacks may also be possible.
Versions prior to ImageCache 5.x-2.5 and 6.x-2.0-beta10 are vulnerable.
Affected Products:
- Drupal ImageCache 5.x-2.4
- Drupal ImageCache 6.x-2.0-beta9
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
