[IT-SecNots] [Security-news] KCFinder integration - Critical - Unsupported Module - SA-CONTRIB-2018-024

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2018-024

Project: KCFinder integration [1]
Date: 2018-May-09
Security risk: *Critical* 16∕25
AC:None/A:User/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Unsupported Module

Description: 
KCFinder is a multi-language file / image manager you can use to easily
select, insert, upload and arrange images, flash movies, and other kinds of
files.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466 [3].

The security team marks all unsupported modules critical by default.

Solution: 
If you use the KCFinder integration you should uninstall it.

Reported By: 
Neil Drumm [4] of the Drupal Security Team

Fixed By: 
N/A


[1] https://www.drupal.org/project/kcfinder
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/251466
[4] https://www.drupal.org/u/drumm

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news