CVE-2007-1035
Drupal Audio Module - Arbitrary File Read, Delete, and Write via getID3 Demonstration Scripts
Title source: llmDescription
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
References (6)
Core 6
Core References
Various Sources x_refsource_misc
http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32542
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0635
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22587
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/119385
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35161
Scores
EPSS
0.0120
EPSS Percentile
79.2%
Details
Status
published
Products (3)
drupal/audio_module
drupal/getid3
1.7.1
drupal/mediafield_module
Published
Feb 21, 2007
Tracked Since
Feb 18, 2026