me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097

Project: me aliases
Date: 2017-December-20
Security risk: *Highly critical* 20∕25
Vulnerability: Arbitrary code execution


'me' module provides shortcut paths to current user's pages, eg user/me, blog/me, user/me/edit, tracker/me etc.

The way 'me' module handles URL arguments allows an attacker to execute arbitrary code strings.


Install the latest version:

If you use the 'me' module for Drupal 7.x, upgrade to 'me' 7.x-1.3:

Add new comment