Remote Code Execution in Drupal's Send by E-mail Module
CVE-2009-1037

Currently unrated

Key Information:

Vendor: Drupal
Status: Print
Vendor: CVE Published:; 20 March 2009

Summary

The Send by E-mail module within Drupal's Printer, e-mail and PDF versions module is susceptible to a vulnerability that allows remote attackers to exploit flood control mechanisms. This flaw enables the sending of unlimited spam messages, potentially disrupting services and affecting user experience. The vulnerability is linked to unidentified vectors that bypass security controls in place, emphasizing the importance of regularly updating and monitoring installations for potential exploits.

References

http://www.securityfocus.com/bid/34173

vdb-entryx_refsource_BID

http://secunia.com/advisories/34374

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/406516

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 20, 2009
Vulnerability Reserved
Mar 20, 2009