CVE-2013-0206

Name of the Vulnerable Software and Affected Versions Drupal Live CSS module versions 6.x-2.x before 6.x-2.1 Drupal Live CSS module versions 7.x-2.x before 7.x-2.7

Description The issue allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Recommendations For Drupal Live CSS module versions 6.x-2.x before 6.x-2.1, update to version 6.x-2.1 or later. For Drupal Live CSS module versions 7.x-2.x before 7.x-2.7, update to version 7.x-2.7 or later.