CVE-2015-2087

Name of the Vulnerable Software and Affected Versions Drupal Avatar Uploader module versions prior to 6.x-1.3

Description The issue allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension. This is achieved through the Avatar Uploader module, which does not properly restrict file uploads.

Recommendations For versions prior to 6.x-1.3, update the Avatar Uploader module to version 6.x-1.3 or later to resolve the issue. As a temporary workaround, consider disabling the Avatar Uploader module until a patch is available. Restrict access to the module to minimize the risk of exploitation. Avoid using the module for file uploads until the issue is resolved.