drupal/core is vulnerable to remote code execution. A remote attacker is able to bypass the protections provided by the `sanitizeName` function because filenames with the `.htaccess` extension are not properly sanitized, which allows the attacker to upload and execute malicious code on the system under attack.
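
A defensive upload-name check for the failure mode described above, as an added example that is not Drupal's `sanitizeName` code. `safe_upload_name`, `BLOCKED_SEGMENTS` and the sample filenames are hypothetical and constructed for illustration; the point is that the deny list is applied after normalization and cannot be overridden by the configured extension allow list.

```php
<?php
declare(strict_types=1);

// Assumed deny list (hypothetical constant): name segments the web server
// treats as configuration. Extend it for the server actually in use.
const BLOCKED_SEGMENTS = ['htaccess'];

// Hypothetical helper, not Drupal's API. Returns the normalized name to
// store, or null when the upload must be rejected.
function safe_upload_name(string $name, array $allowedExt): ?string {
    // Keep only the final path component and drop control bytes.
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[\x00-\x1f\x7f]/', '', $name) ?? '';

    // Normalize first: strip leading/trailing dots and spaces so the checks
    // below see the same name that will be written to disk.
    $name = trim($name, '. ');
    if ($name === '') {
        return null;
    }

    // Check every dot-separated segment, case-insensitively. This runs
    // before the allow list, so allowing "htaccess" as an extension in
    // configuration cannot re-enable it.
    $segments = explode('.', strtolower($name));
    foreach ($segments as $segment) {
        if (in_array(trim($segment), BLOCKED_SEGMENTS, true)) {
            return null;
        }
    }

    // Require an extension, and require it to be on the allow list.
    if (count($segments) < 2 || !in_array(end($segments), $allowedExt, true)) {
        return null;
    }
    return $name;
}

// Constructed sample input. The allow list deliberately contains "htaccess"
// to model a site configured to accept that extension.
$allowed = ['pdf', 'png', 'htaccess'];
$samples = ['report.pdf', '.htaccess', 'notes.htaccess', '..HTACCESS.',
            'img.htaccess.png', 'uploads/../.htaccess', 'README'];
foreach ($samples as $sample) {
    $result = safe_upload_name($sample, $allowed);
    printf("%-22s => %s\n", $sample, $result ?? 'REJECTED');
}
```
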
Name | Operator | Version |
---|---|---|
drupal/core | le | 9.4.2 |
drupal/core | le | 9.3.18 |
drupal/core | le | 9.2.21 |
drupal/core | le | 10.0.0-alpha6 |