Arbitrary PHP Code Execution in Hostmaster (Aegir) Module for Drupal

Arbitrary PHP Code Execution in Hostmaster (Aegir) Module for Drupal

CVE-2015-5501 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.

Learn more about our Cis Benchmark Audit For Apache Http Server.