• Advisory ID: DRUPAL-SA-2008-037
  • Project: TrailScout (third-party module)
  • Version: 5.x
  • Date: 2008-June-18
  • Security risk: Higly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and SQL injection

Description

The TrailScout module displays a number of last visited pages as breadcrumbs.

The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross site scripting attack may lead to the malicious user gaining administrator access.

Trailscout also does not properly use the Drupal database API and inserts values from cookies directly into queries. This can be exploited on most PHP configurations to perform SQL Injection attacks. These attacks may lead to the malicious user gaining administrator access.

All users are encouraged to update to the latest version. Be sure to verify the compatibility of your contrib modules as you perform the update.

Versions affected

  • TrailScout for Drupal 5.x prior to 5.x-1.4

Drupal core is not affected. If you do not use the contributed TrailScout module, there is nothing you need to do.

Solution

Install the latest version:

See also the TrailScout project page.

Reported by

Gerhard Killesreiter (Drupal security team).

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.