CVE-2018-25002

Опубликовано: 01 янв. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.

Ссылки

https://www.drupal.org/project/kcfinder/issues/1768718
Third Party Advisory
https://www.drupal.org/project/kcfinder/issues/1768720
Third Party Advisory
https://www.drupal.org/sa-contrib-2018-024
Third Party Advisory
https://www.drupal.org/project/kcfinder/issues/1768718
Third Party Advisory
https://www.drupal.org/project/kcfinder/issues/1768720
Third Party Advisory
https://www.drupal.org/sa-contrib-2018-024
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sunhater:kcfinder:*:*:*:*:*:drupal:*:*

Версия до 2018-06-01 (включая)

EPSS

Процентиль: 66%

0.00516

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-399x-p377-379h

github

больше 3 лет назад