6
CVE-2015-4393
- EPSS 1.71%
- Veröffentlicht 15.06.2015 14:59:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Services Project ≫ Services Version7.x-3.0 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.1 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.2 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.3 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.4 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.5 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.6 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.7 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.9 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.10 SwPlatformdrupal
Services Project ≫ Services Version7.x-3.11 SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.71% | 0.744 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74365
https://www.drupal.org/node/2471847
https://www.drupal.org/node/2471879