Advisory ID: 
BACKDROP-SA-CORE-2016-001
Vulnerability: 
Access bypass
Open Redirect
Denial of Service
Versions affected: 
  • Backdrop Core 1.x versions prior to 1.3.3

File upload access bypass and denial of service (File module - Moderately Critical)

A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that another user (the victim) has uploaded to a form but not yet saved, that is, while the upload is still held as a temporary file awaiting form submission and processing. If an attacker carries out this attack continuously, all file uploads to the site could be blocked by deleting every temporary file before it can be saved as permanent.

This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
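The check a practitioner would want on every code path that accepts a file ID from the request (the field's value callback, its "Remove" button, the AJAX upload callback) is an ownership test on temporary files. The following is an added, illustrative example written for this advisory; it is not Backdrop's File module code and does not claim to reproduce the patch shipped in 1.3.3. The function names `accept_file_reference()` and `remove_uploaded_file()`, the `FILE_STATUS_*` constants, and the `$files` array (a constructed stand-in for the file records table, with the `fid`, `uid` and `status` columns assumed) are all assumptions of the example.

```php
<?php
// Added example for this advisory (illustrative, not Backdrop's File module
// code): an ownership check applied when a form field references a file by
// fid. $files is a constructed in-memory stand-in for the file records table.

const FILE_STATUS_TEMPORARY = 0;
const FILE_STATUS_PERMANENT = 1;

$files = [
  10 => ['fid' => 10, 'uid' => 5, 'status' => FILE_STATUS_TEMPORARY, 'uri' => 'temporary://victim-draft.pdf'],
  11 => ['fid' => 11, 'uid' => 7, 'status' => FILE_STATUS_TEMPORARY, 'uri' => 'temporary://attacker-draft.pdf'],
  12 => ['fid' => 12, 'uid' => 5, 'status' => FILE_STATUS_PERMANENT, 'uri' => 'public://published.pdf'],
];

/**
 * Decide whether the user $current_uid may reference file $fid in a form.
 *
 * Returns the fid to keep, or 0 to drop the reference. Permanent files are
 * left to the usual file access checks (not shown). A temporary file, i.e. an
 * upload whose form has not been submitted yet, may only be referenced by the
 * user who uploaded it; anonymous users (uid 0) may not reuse temporary files
 * at all, because ownership cannot be established for them.
 */
function accept_file_reference(array $files, int $fid, int $current_uid): int {
  if ($fid === 0 || !isset($files[$fid])) {
    return 0;
  }
  $file = $files[$fid];
  if ($file['status'] === FILE_STATUS_PERMANENT) {
    return $fid;
  }
  if ($current_uid === 0 || $file['uid'] !== $current_uid) {
    // Someone else's pending upload: viewing, substituting or deleting it
    // through this form would be the access bypass.
    return 0;
  }
  return $fid;
}

/**
 * Handler for the field's "Remove" button. The same check guards deletion:
 * without it, a user who can upload files could delete other users' pending
 * uploads, and doing so continuously denies uploads to the whole site.
 */
function remove_uploaded_file(array &$files, int $fid, int $current_uid): bool {
  if (accept_file_reference($files, $fid, $current_uid) === 0) {
    return FALSE;
  }
  unset($files[$fid]);
  return TRUE;
}

// Attacker (uid 7) submits a form that names the victim's (uid 5) temporary
// file 10, first to reference it and then to remove it.
printf("attacker references fid 10: kept fid %d\n", accept_file_reference($files, 10, 7));
printf("attacker removes fid 10: %s\n", remove_uploaded_file($files, 10, 7) ? 'deleted' : 'refused');
printf("fid 10 still present: %s\n", isset($files[10]) ? 'yes' : 'no');
// The owner can still use and remove their own pending upload.
printf("owner references fid 10: kept fid %d\n", accept_file_reference($files, 10, 5));
printf("owner removes fid 10: %s\n", remove_uploaded_file($files, 10, 5) ? 'deleted' : 'refused');
// Anonymous users cannot reuse any temporary file, even a guessed fid.
printf("anonymous references fid 11: kept fid %d\n", accept_file_reference($files, 11, 0));
```

Run it with the php CLI. The point of routing the "Remove" handler through the same function is that the denial of service in this advisory is the deletion path, not the read path: a check that only protects rendering the link still lets an attacker delete every pending upload on the site.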

Open redirect via path manipulation (Base system - Moderately Critical)

The current path (the path Backdrop believes it is serving for the request) can be populated with an external URL. Any code that redirects the user back to the current path, for example a form that returns to the page it was shown on, can then send the user to an arbitrary external site, which is an Open Redirect vulnerability.

This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL.
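Custom code that redirects to the current path should refuse to do so when that path is really an external URL. The following is an added, illustrative example written for this advisory, not Backdrop's base system code and not the fix shipped in 1.3.3; the function names `path_is_external()` and `safe_return_path()` and the sample request paths are assumptions of the example, and the standalone `path_is_external()` stands in for whatever external-URL test the framework provides.

```php
<?php
// Added example for this advisory (illustrative, not Backdrop's base system
// code): refusing to redirect back to a "current path" that is really an
// external URL. The request paths at the bottom are constructed samples.

/**
 * TRUE when a browser would treat $path as pointing at another site: it
 * carries a scheme (a colon before any '/', '?' or '#') or is protocol-
 * relative ("//host" or "/\host"). Control characters and spaces are
 * stripped first, since browsers ignore them inside a scheme such as
 * "java\tscript:".
 */
function path_is_external(string $path): bool {
  $clean = preg_replace('/[\x00-\x20\x7f]+/', '', $path);
  if (preg_match('#^[/\\\\]{2}#', $clean)) {
    return TRUE;
  }
  $colon = strpos($clean, ':');
  if ($colon === FALSE) {
    return FALSE;
  }
  // A colon that comes after a '/', '?' or '#' belongs to the path or query.
  return !preg_match('#[/?#]#', substr($clean, 0, $colon));
}

/**
 * Path a form should return to after submission. If the request path was
 * populated with an external URL (for instance a 404 page reached through a
 * crafted URL), send the user to the front page instead.
 */
function safe_return_path(string $requested_path, string $front_page = 'home'): string {
  return path_is_external($requested_path) ? $front_page : $requested_path;
}

$samples = [
  'node/1',
  'search/node/term:value',
  'https://evil.example/login',
  '//evil.example/login',
  "java\tscript:alert(1)",
  'mailto:someone@example.com',
];
foreach ($samples as $path) {
  printf("%-36s -> %s\n", var_export($path, TRUE), safe_return_path($path));
}
```

Two details matter in practice. Protocol-relative forms (`//host`, and `/\host`, which some browsers normalise to `//host`) carry no scheme, so a check that only looks for a colon misses them. And a colon that appears after the first `/`, `?` or `#` is an ordinary path or query character, so an internal path such as `search/node/term:value` must not be rejected as external.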

Solution: 

Upgrade your site to the latest version of Backdrop CMS. The download is available from the Backdrop CMS 1.3.3 release page. Update instructions are available at https://backdropcms.org/upgrade#from-previous-versions.

Reported By: 

File upload access bypass and denial of service:

Open redirect via path manipulation:

Fixed By: 

File upload access bypass and denial of service:

Open redirect via path manipulation:

Coordinated By: