CVE-2012-5653
Publication date 3 January 2013
Last updated 24 July 2024
Ubuntu priority
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
Status
Package | Ubuntu Release | Status |
---|---|---|
drupal6 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
drupal7 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|