Lucene search

RedhatCVELIST:CVE-2012-5653

HistoryJan 03, 2013 - 1:00 a.m.

CVE-2012-5653

2013-01-0301:00:00

redhat

www.cve.org

6.9 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

References

drupal.org/SA-CORE-2012-004

drupalcode.org/project/drupal.git/commitdiff/b47f95d

drupalcode.org/project/drupal.git/commitdiff/da8023a

osvdb.org/88529

www.debian.org/security/2013/dsa-2776

www.mandriva.com/security/advisories?name=MDVSA-2013:074

www.openwall.com/lists/oss-security/2012/12/20/1

www.securityfocus.com/bid/56993

exchange.xforce.ibmcloud.com/vulnerabilities/80795