CVE-2012-5653

Priority
Medium
Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18
allows remote authenticated users to bypass the protection mechanism and
execute arbitrary PHP code via a null byte in a file name.
References
Package
Upstream:released (7.18)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (7.22-1)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):not-affected (7.22-1)
Ubuntu 16.04 (Xenial Xerus):not-affected (7.22-1)
Package
Upstream:released (6.27)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Ubuntu 16.04 (Xenial Xerus):DNE
More Information

Updated: 2016-04-21 23:17:03 UTC (commit 10924)