exploitDog

CVE-2009-2372

Published: 08 Jul 2009
Source: debian
EPSS: Low

Description

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

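Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| drupal6 | fixed | 6.12-1.1 | | package |
| drupal5 | not-affected | | | package |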

Notes

  • http://drupal.org/node/507572

  • marked as medium as this might lead to code execution if the php filter is enabled

  • requested CVE id

EPSS

Percentile: 77%
0.01134
Low

Related vulnerabilities

ubuntu
almost 16 years ago

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

nvd
almost 16 years ago

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

github
about 3 years ago

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
