Unrestricted file upload

2013-03-1914:55:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the “administer CSS” permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

CPENameOperatorVersion
live_csseq6.120.20
live_csseq7.120.20
live_csseq7.0.0-x2.0-beta1
live_csseq7.120.21
live_csseq7.120.22
live_csseq7.120.23
live_csseq7.120.24
live_csseq7.120.25
live_csseq7.120.26
live_csseq7.0.0-x2-xdev

Name	Operator	Version
live_css	eq	6.120.20
live_css	eq	7.120.20
live_css	eq	7.0.0-x2.0-beta1
live_css	eq	7.120.21
live_css	eq	7.120.22
live_css	eq	7.120.23
live_css	eq	7.120.24
live_css	eq	7.120.25
live_css	eq	7.120.26
live_css	eq	7.0.0-x2-xdev