Description

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

Remediation

References

CVE-2012-5653

Related Vulnerabilities

Internet Information Services Permissions, Privileges, and Access Controls Vulnerability (CVE-1999-0777)

WordPress Plugin Event List Cross-Site Scripting (0.7.9)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5297)

RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076)

WebLogic CVE-2020-14625 Vulnerability (CVE-2020-14625)

Severity

Medium

Classification

CVE-2012-5653 CWE-20

Tags

Missing Update Known Vulnerabilities