Vulnerabilities > CVE-2015-5501 - 7PK - Security Features vulnerability in Aegirproject Hostmaster

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

aegirproject

CWE-254

NVD

Published: 2015-08-18

Updated: 2024-11-21

Summary

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.

Vulnerable Configurations

Part	Description	Count
Application	Aegirproject Aegirproject Hostmaster 6.X-3.0 Aegirproject Hostmaster 6.X-2.1 Aegirproject Hostmaster 6.X-2.0 Aegirproject Hostmaster 6.X-2.3 Aegirproject Hostmaster 6.X-2.2	5

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://community.aegirproject.org/2.4
http://community.aegirproject.org/2.4
http://community.aegirproject.org/3.0-beta2
http://community.aegirproject.org/3.0-beta2
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/74759
http://www.securityfocus.com/bid/74759
https://www.drupal.org/node/2492317
https://www.drupal.org/node/2492317