6

CVE-2012-5653

Exploit
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version7.0
DrupalDrupal Version7.0 Updatealpha1
DrupalDrupal Version7.0 Updatealpha2
DrupalDrupal Version7.0 Updatealpha3
DrupalDrupal Version7.0 Updatealpha4
DrupalDrupal Version7.0 Updatealpha5
DrupalDrupal Version7.0 Updatealpha6
DrupalDrupal Version7.0 Updatealpha7
DrupalDrupal Version7.0 Updatebeta1
DrupalDrupal Version7.0 Updatebeta2
DrupalDrupal Version7.0 Updatebeta3
DrupalDrupal Version7.0 Updatedev
DrupalDrupal Version7.0 Updaterc1
DrupalDrupal Version7.0 Updaterc2
DrupalDrupal Version7.0 Updaterc3
DrupalDrupal Version7.0 Updaterc4
DrupalDrupal Version7.1
DrupalDrupal Version7.2
DrupalDrupal Version7.3
DrupalDrupal Version7.4
DrupalDrupal Version7.5
DrupalDrupal Version7.6
DrupalDrupal Version7.7
DrupalDrupal Version7.8
DrupalDrupal Version7.9
DrupalDrupal Version7.10
DrupalDrupal Version7.11
DrupalDrupal Version7.12
DrupalDrupal Version7.13
DrupalDrupal Version7.14
DrupalDrupal Version7.15
DrupalDrupal Version7.16
DrupalDrupal Version7.17
DrupalDrupal Version7.x-dev
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
DrupalDrupal Version6.0
DrupalDrupal Version6.0 Updatebeta1
DrupalDrupal Version6.0 Updatebeta2
DrupalDrupal Version6.0 Updatebeta3
DrupalDrupal Version6.0 Updatebeta4
DrupalDrupal Version6.0 Updatedev
DrupalDrupal Version6.0 Updaterc1
DrupalDrupal Version6.0 Updaterc2
DrupalDrupal Version6.0 Updaterc3
DrupalDrupal Version6.0 Updaterc4
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
DrupalDrupal Version6.4
DrupalDrupal Version6.5
DrupalDrupal Version6.6
DrupalDrupal Version6.7
DrupalDrupal Version6.8
DrupalDrupal Version6.9
DrupalDrupal Version6.10
DrupalDrupal Version6.11
DrupalDrupal Version6.12
DrupalDrupal Version6.13
DrupalDrupal Version6.14
DrupalDrupal Version6.15
DrupalDrupal Version6.16
DrupalDrupal Version6.17
DrupalDrupal Version6.18
DrupalDrupal Version6.19
DrupalDrupal Version6.20
DrupalDrupal Version6.21
DrupalDrupal Version6.22
DrupalDrupal Version6.23
DrupalDrupal Version6.24
DrupalDrupal Version6.25
DrupalDrupal Version6.26
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.72% 0.745
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Broken Link
http://drupal.org/SA-CORE-2012-004
Patch
Vendor Advisory
http://drupalcode.org/project/drupal.git/commitdiff/b47f95d
Patch
Exploit
http://drupalcode.org/project/drupal.git/commitdiff/da8023a
Patch
Exploit
http://www.debian.org/security/2013/dsa-2776
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/20/1
Third Party Advisory
http://www.securityfocus.com/bid/56993
Third Party Advisory
http://osvdb.org/88529
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/80795