CVE-2012-5653

Priority
Medium
Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18
allows remote authenticated users to bypass the protection mechanism and
execute arbitrary PHP code via a null byte in a file name.
References
Package
Upstream:released (7.18)
Ubuntu 17.10 (Artful Aardvark):not-affected (7.22-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (7.22-1)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (7.22-1)
Ubuntu 17.04 (Zesty Zapus):not-affected (7.22-1)
Package
Upstream:released (6.27)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-08-11 23:49:51 UTC (commit 13081)