Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2013-0224
cve-2013-0224
video module
drupal
local code execution
ffmpeg
nvd
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.
Affected configurations
Node
video_projectvideoMatch7.x-2.0alpha1
ORvideo_projectvideoMatch7.x-2.0alpha2
ORvideo_projectvideoMatch7.x-2.0alpha3
ORvideo_projectvideoMatch7.x-2.0alpha4
ORvideo_projectvideoMatch7.x-2.0alpha5
ORvideo_projectvideoMatch7.x-2.0alpha6
ORvideo_projectvideoMatch7.x-2.1alpha1
ORvideo_projectvideoMatch7.x-2.1alpha2
ORvideo_projectvideoMatch7.x-2.1alpha3
ORvideo_projectvideoMatch7.x-2.2
ORvideo_projectvideoMatch7.x-2.2beta1
ORvideo_projectvideoMatch7.x-2.2beta2
ORvideo_projectvideoMatch7.x-2.2beta3
ORvideo_projectvideoMatch7.x-2.2beta4
ORvideo_projectvideoMatch7.x-2.2beta5
ORvideo_projectvideoMatch7.x-2.3
ORvideo_projectvideoMatch7.x-2.4
ORvideo_projectvideoMatch7.x-2.5
ORvideo_projectvideoMatch7.x-2.6
ORvideo_projectvideoMatch7.x-2.7
ORvideo_projectvideoMatch7.x-2.8
ORvideo_projectvideoMatch7.x-2.xdev
drupaldrupalMatch-
Related
prion
prion
Code injection
2013-03-19 14:55:00
nvd
nvd
CVE-2013-0224
2013-03-19 14:55:02
drupal
drupal
SA-CONTRIB-2013-006 - Video - Arbitrary Code Execution
2013-01-23 00:00:00
cvelist
cvelist
CVE-2013-0224
2022-10-03 16:15:03
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-0224