CVE-2012-5653

Priority
Medium
Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18
allows remote authenticated users to bypass the protection mechanism and
execute arbitrary PHP code via a null byte in a file name.
References
Package
Upstream:released (7.18)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (7.22-1)
Ubuntu 15.04 (Vivid Vervet):not-affected (7.22-1)
Ubuntu 15.10 (Wily Werewolf):not-affected (7.22-1)
Package
Upstream:released (6.27)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:18:42 UTC (commit 9756)