CVE-2012-5653

Priority
Medium
Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18
allows remote authenticated users to bypass the protection mechanism and
execute arbitrary PHP code via a null byte in a file name.
Package
Upstream: released (7.18)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander): not-affected (7.22-1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (7.22-1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (7.22-1)
Package
Upstream: released (6.27)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 14.10 (Utopic Unicorn): DNE

Updated: 2014-05-16 13:16:15 UTC (commit 8065)