File Extractor - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-033
Project: File Extractor
Date: 2021-September-22
Security risk: Critical 15∕25
Vulnerability: Arbitrary PHP code execution
Description
This module enables you to extract the textual content of files for use on a website, e.g. to display it or or use it in search indexes.
The module doesn't sufficiently protect the administrator-defined commands which are executed on the server, which leads to post-authentication remote code execution by a limited set of users.