Drupal Security Advisories

Project: Custom Tokens
Date: 2018-June-13
Security risk: Critical 16∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Arbitrary PHP code execution
Description:

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API.

The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer custom tokens".

CVE identifier(s) issued
  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Solution: 

Install the latest version and review your permissions.

Note: after upgrading, additional configuration steps are required. Sites using this module should review the permissions page at Administration » People » Permissions to verify that only trusted users are granted permissions defined by the module, such as "administer custom tokens".

Also see the Custom Tokens project page.

Reported By: Fixed By: Coordinated By: 
Project: Entity Delete
Date: 2018-June-06
Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Multiple Vulnerabilities
Description:

This module enables you to delete entities of any type in bulk.

The module doesn't sufficiently verify access permissions under its use cases, leading to access bypass. The module also does not protect against Cross Site Request Forgeries on its delete process.

The access bypass vulnerability is mitigated by the fact that an attacker must have a role with the permission "access content". There is no additional mitigation for the Cross Site Request Forgery vulnerability.

Solution: 

Install the latest version:

Also see the Entity Delete project page.

Reported By: Fixed By: Coordinated By: 
Project: AdTego SiteIntel - AdBlocker Detect
Date: 2018-June-06
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466.

Solution: 

If you use this project, you should uninstall it.

Reported By: 
Project: Mollom
Date: 2018-June-06
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported projects critical by default.

Solution: 

If you use this project, you should uninstall it.

Reported By: Fixed By: 

N/A

Coordinated By: 

N/A

Project: Zircon
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber

Project: Education
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber

Project: TB Sirate
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber

Project: Hotel
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber

Project: iShopping
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber

Project: Corporate Site
Date: 2018-May-23
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Unsupported
Description:

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466.

The security team marks all unsupported themes and modules critical by default.

Solution: 

If you use this theme, you should uninstall it.

Reported By: 

Drew Webber
