CVE-2013-0206

Опубликовано: 19 мар. 2013

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Комментарий

CWE-434: Unrestricted Upload of File with Dangerous Type

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:guy_bedford:live_css:6.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.0-beta1:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.1:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.2:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.3:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.4:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.5:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.6:*:*:*:*:*:*:*

cpe:2.3:a:guy_bedford:live_css:7.x-2.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.0149

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-4g6f-xr8r-c9h3

github

больше 3 лет назад