3 matches found
CVE-2014-5170
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003...
CVE-2014-5170
The CVE-2014-5170 entry concerns the Drupal Storage API module. Affected: Storage API module for Drupal 7.x before 7.x-1.6. Root cause: failure to update .htaccess file contents after SA-CORE-2013-003, enabling remote attackers to execute arbitrary code. The issue is documented in DRUPAL-SA-CONTR...
SA-CONTRIB-2014-074 - Storage API - Code execution prevention
Storage API is a low-level framework for managed file storage and serving. The module creates an .htaccess file in the files directory to prevent code execution, but copied the Drupal core file and wasn't updated to include the improved file contents after SA-CORE-2013-003. This vulnerability is...