Lucene search

[email protected]CVE-2012-5653

HistoryJan 03, 2013 - 1:55 a.m.

CVE-2012-5653

2013-01-0301:55:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-5653

drupal

file upload

remote authenticated users

bypass

arbitrary code execution

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

Affected configurations

NVD

Node

drupaldrupalMatch7.0

drupaldrupalMatch7.0alpha1

drupaldrupalMatch7.0alpha2

drupaldrupalMatch7.0alpha3

drupaldrupalMatch7.0alpha4

drupaldrupalMatch7.0alpha5

drupaldrupalMatch7.0alpha6

drupaldrupalMatch7.0alpha7

drupaldrupalMatch7.0beta1

drupaldrupalMatch7.0beta2

drupaldrupalMatch7.0beta3

drupaldrupalMatch7.0dev

drupaldrupalMatch7.0rc1

drupaldrupalMatch7.0rc2

drupaldrupalMatch7.0rc3

drupaldrupalMatch7.0rc4

drupaldrupalMatch7.1

drupaldrupalMatch7.2

drupaldrupalMatch7.3

drupaldrupalMatch7.4

drupaldrupalMatch7.5

drupaldrupalMatch7.6

drupaldrupalMatch7.7

drupaldrupalMatch7.8

drupaldrupalMatch7.9

drupaldrupalMatch7.10

drupaldrupalMatch7.11

drupaldrupalMatch7.12

drupaldrupalMatch7.13

drupaldrupalMatch7.14

drupaldrupalMatch7.15

drupaldrupalMatch7.16

drupaldrupalMatch7.17

drupaldrupalMatch7.x-dev

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

Node

drupaldrupalMatch6.0

drupaldrupalMatch6.0beta1

drupaldrupalMatch6.0beta2

drupaldrupalMatch6.0beta3

drupaldrupalMatch6.0beta4

drupaldrupalMatch6.0dev

drupaldrupalMatch6.0rc1

drupaldrupalMatch6.0rc2

drupaldrupalMatch6.0rc3

drupaldrupalMatch6.0rc4

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

drupaldrupalMatch6.7

drupaldrupalMatch6.8

drupaldrupalMatch6.9

drupaldrupalMatch6.10

drupaldrupalMatch6.11

drupaldrupalMatch6.12

drupaldrupalMatch6.13

drupaldrupalMatch6.14

drupaldrupalMatch6.15

drupaldrupalMatch6.16

drupaldrupalMatch6.17

drupaldrupalMatch6.18

drupaldrupalMatch6.19

drupaldrupalMatch6.20

drupaldrupalMatch6.21

drupaldrupalMatch6.22

drupaldrupalMatch6.23

drupaldrupalMatch6.24

drupaldrupalMatch6.25

drupaldrupalMatch6.26

CPENameOperatorVersion
drupal:drupaldrupaleq7.0
drupal:drupaldrupaleq7.1
drupal:drupaldrupaleq7.2
drupal:drupaldrupaleq7.3
drupal:drupaldrupaleq7.4
drupal:drupaldrupaleq7.5
drupal:drupaldrupaleq7.6
drupal:drupaldrupaleq7.7
drupal:drupaldrupaleq7.8
drupal:drupaldrupaleq7.9

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	7.0
drupal:drupal	drupal	eq	7.1
drupal:drupal	drupal	eq	7.2
drupal:drupal	drupal	eq	7.3
drupal:drupal	drupal	eq	7.4
drupal:drupal	drupal	eq	7.5
drupal:drupal	drupal	eq	7.6
drupal:drupal	drupal	eq	7.7
drupal:drupal	drupal	eq	7.8
drupal:drupal	drupal	eq	7.9