CVE-2012-5653 in Drupalinformazioni

Riassunto

di MITRE

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

24/10/2012

Divulgazione

02/01/2013

Moderazione

accettato

Voce

VDB-63303

CPE

pronto

CWE

CWE-20 (confermato)

CVSS

6.0 (NVD)

EPSS

0.01719

KEV

Attività

molto basso

Settore

Agriculture, Lawfirm, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5653
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5653
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5653/

◂ Precedente Visione D'ensemble Il prossimo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!