View online: https://www.drupal.org/sa-contrib-2018-024
Project: KCFinder integration [1]
Date: 2018-May-09
Security risk: *Critical* 16∕25 AC:None/A:User/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Unsupported Module
Description: KCFinder is a multi-language file / image manager you can use to easily select, insert, upload and arrange images, flash movies, and other kinds of files.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466 [3].
The security team marks all unsupported modules critical by default.
Solution: If you use the KCFinder integration you should uninstall it.
Reported By: Neil Drumm [4] of the Drupal Security Team
Fixed By: N/A
[1] https://www.drupal.org/project/kcfinder
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/251466
[4] https://www.drupal.org/u/drumm