7.2 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.7%
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the βSave file informationβ permission to execute arbitrary code via a crafted filename.
www.openwall.com/lists/oss-security/2015/04/25/6
www.securityfocus.com/bid/74365
www.drupal.org/node/2471847
www.drupal.org/node/2471879