Lucene search
HistoryJun 15, 2015 - 2:59 p.m.
CVE-2015-4393
cve-2015-4393
services module
drupal
remote code execution
file upload vulnerability
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.8%
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the “Save file information” permission to execute arbitrary code via a crafted filename.
Affected configurations
Node
services_projectservicesMatch7.x-3.0drupal
ORservices_projectservicesMatch7.x-3.1drupal
ORservices_projectservicesMatch7.x-3.2drupal
ORservices_projectservicesMatch7.x-3.3drupal
ORservices_projectservicesMatch7.x-3.4drupal
ORservices_projectservicesMatch7.x-3.5drupal
ORservices_projectservicesMatch7.x-3.6drupal
ORservices_projectservicesMatch7.x-3.7drupal
ORservices_projectservicesMatch7.x-3.9drupal
ORservices_projectservicesMatch7.x-3.10drupal
ORservices_projectservicesMatch7.x-3.11drupal
Related
prion
prion
Code injection
2015-06-15 14:59:00
nvd
nvd
CVE-2015-4393
2015-06-15 14:59:48
cvelist
cvelist
CVE-2015-4393
2015-06-15 14:00:00
drupal
drupal
Services - Critical - Multiple Vulnerabilites - SA-CONTRIB-2015-096
2015-04-15 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.8%
Related for CVE-2015-4393