- Remote Code Execution
- Open Redirect
- Backdrop Core 1.x.x versions prior to 1.11.2
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
When sending email, some variables were not sanitized before being passed as shell arguments to the mail transport, which could lead to remote code execution.
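The following is an added illustration of the bug class described above, not Backdrop's own code or the actual fix: PHP's `mail()` appends its fifth argument to the sendmail command line, so a return-path value that reaches it unvalidated becomes a shell argument. The helper names `return_path_is_shell_safe()` and `build_sendmail_params()` and the allowlist rules are assumptions of this example, modelled on the conservative validation commonly used by PHP mail libraries.

```php
<?php
// Added example (not Backdrop's code). Demonstrates validating a value
// before it is placed into the additional-parameters argument of mail(),
// which PHP hands to the sendmail binary as command-line text.

/**
 * Return TRUE only when $address is safe to embed directly in a sendmail
 * option such as "-f<address>".
 *
 * PHP applies escapeshellcmd() to this parameter internally, which stops a
 * value from starting a second shell command but does NOT stop it from
 * adding further sendmail arguments, so an explicit allowlist is required.
 */
function return_path_is_shell_safe(string $address): bool {
  // Conservative address shape: local part, '@', dotted host, no spaces.
  if (!preg_match('/^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}$/', $address)) {
    return FALSE;
  }
  // Belt and braces: refuse every shell metacharacter even if the regex
  // above is loosened later.
  $forbidden = " \t\r\n" . '\'"`\\$&|;<>()[]{}*?#~^';
  return strpbrk($address, $forbidden) === FALSE;
}

/**
 * Build the additional-parameters string for mail().
 *
 * The vulnerable pattern is '-f' . $return_path with no check at all; here
 * an unsafe value is dropped and logged instead of being passed through.
 */
function build_sendmail_params(?string $return_path): string {
  if ($return_path === NULL || $return_path === '') {
    return '';
  }
  if (!return_path_is_shell_safe($return_path)) {
    // Make the rejected attempt visible to operations without echoing the
    // raw value into the log line.
    error_log('Rejected unsafe Return-Path value while sending mail.');
    return '';
  }
  return '-f' . $return_path;
}

// Constructed inputs (not from the advisory) with the expected result.
$cases = array(
  'alice@example.com'        => '-falice@example.com',
  'alice@example.com extra'  => '',   // whitespace would introduce an argument
  'alice@example.com;x'      => '',   // shell metacharacter
  "alice@example.com\n"      => '',   // newline
);
foreach ($cases as $input => $expected) {
  $got = build_sendmail_params($input);
  if ($got !== $expected) {
    throw new RuntimeException('Unexpected result for ' . var_export($input, TRUE));
  }
  printf("%-32s => %s\n", var_export($input, TRUE), $got === '' ? '(rejected)' : $got);
}
```

Run it with `php example.php`; the only accepted input is the plain address, and every other case yields an empty parameter string so nothing attacker-shaped reaches the sendmail command line.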
External URL injection through URL aliases - Moderately Critical - Open Redirect
The path module allows users with the `administer paths` permission to create pretty URLs for content.
In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL.
The issue is mitigated by the fact that the user needs the `administer paths` permission to exploit it.
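As an added example of the defensive check this class of issue calls for (not Backdrop's path module code, and not necessarily how the 1.11.2 fix was implemented), the function below decides whether a destination taken from stored user input, such as an alias target, can only resolve to the local site before the application redirects to it. The function name `is_local_redirect_target()` and its specific rules are assumptions of this example.

```php
<?php
// Added example (not Backdrop's code). Rejects redirect destinations that
// a browser would interpret as pointing off-site.

/**
 * Return TRUE when $destination can only resolve to a path on this site.
 */
function is_local_redirect_target(string $destination): bool {
  // Control characters could split the Location header; leading whitespace
  // hides what follows. Reject both outright.
  if ($destination === '' || preg_match('/^\s|[\x00-\x1F\x7F]/', $destination)) {
    return FALSE;
  }
  // Any scheme (http:, javascript:, data:, mailto:, ...) means off-site.
  // parse_url() returns NULL for "no scheme" and FALSE for malformed
  // input; only NULL is acceptable here.
  if (parse_url($destination, PHP_URL_SCHEME) !== NULL) {
    return FALSE;
  }
  // "//host/path" and "/\host" are scheme-relative URLs in browsers and
  // are fetched from the named host, so two leading slash-like characters
  // are never local.
  if (preg_match('#^[/\\\\][/\\\\]#', $destination)) {
    return FALSE;
  }
  // Defensive re-check of the parsed form: no host or credentials allowed.
  $parts = parse_url($destination);
  if ($parts === FALSE || isset($parts['host']) || isset($parts['user']) || isset($parts['pass'])) {
    return FALSE;
  }
  return TRUE;
}

/**
 * Return $destination if it is local, otherwise a safe fallback path.
 */
function safe_redirect_target(string $destination, string $fallback = '/'): string {
  return is_local_redirect_target($destination) ? $destination : $fallback;
}

// Constructed inputs (not from the advisory) with the expected verdict.
$cases = array(
  'node/1'                            => TRUE,
  '/user/login?destination=node/1'    => TRUE,
  'https://example.org/'              => FALSE,
  '//example.org/x'                   => FALSE,
  '/\\example.org'                    => FALSE,
  'javascript:void(0)'                => FALSE,
  "node/1\r\nX-Injected: y"           => FALSE,
);
foreach ($cases as $input => $expected) {
  if (is_local_redirect_target($input) !== $expected) {
    throw new RuntimeException('Unexpected verdict for ' . var_export($input, TRUE));
  }
  printf("%-36s => %s\n", var_export($input, TRUE), safe_redirect_target($input));
}
```

The check is deliberately an allowlist of "relative path on this host" rather than a denylist of known bad prefixes, because browsers accept several spellings of an external URL (scheme-relative, backslash variants, leading whitespace) and a denylist tends to miss one.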
Upgrade your site to the most recent version of Backdrop core. Download available on the Backdrop CMS 1.11.2 release page. See the update instructions, if needed.
- John Franklin of the Backdrop CMS Security Team
- Dave Reid of the Drupal Security Team
- David Rothstein of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team
- Jess of the Drupal Security Team
- Alex Bronstein of the Drupal Security Team
- Nathaniel Catchpole of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Stefan Ruijsenaars of the Drupal Security Team
- David Snopek of the Drupal Security Team
- Ted Bowman, provisional member of the Drupal Security Team
- Sascha Grossenbacher
- Daniel Wehner
- Klaus Purer
- Damien Tournoud
- Wim Leers
- Jen Lampton of the Backdrop CMS Security Team
- Nate Lampton of the Backdrop CMS Security Team