2 matches found
Code injection
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2018-25002
CVE-2018-25002 affects the Drupal KCFinder integration (uploader.php) through 2018-06-01, where input validation is mishandled. The issue originates from the KCFinder integration project and is associated with SA-CONTRIB-2018-024. NVD lists CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vect...