6
CVE-2013-0206
- EPSS 1.86%
- Veröffentlicht 19.03.2013 14:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Guy Bedford ≫ Live Css Version6.x-2.0
Guy Bedford ≫ Live Css Version7.x-2.0
Guy Bedford ≫ Live Css Version7.x-2.0-beta1
Guy Bedford ≫ Live Css Version7.x-2.1
Guy Bedford ≫ Live Css Version7.x-2.2
Guy Bedford ≫ Live Css Version7.x-2.3
Guy Bedford ≫ Live Css Version7.x-2.4
Guy Bedford ≫ Live Css Version7.x-2.5
Guy Bedford ≫ Live Css Version7.x-2.6
Guy Bedford ≫ Live Css Version7.x-2.x-dev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.764 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
http://www.openwall.com/lists/oss-security/2013/01/21/5
http://drupal.org/node/1883976
http://drupal.org/node/1883978
http://drupalcode.org/project/live_css.git/commitdiff/cb7005f
http://drupalcode.org/project/live_css.git/commitdiff/ef323c8
https://drupal.org/node/1890318