PT-2013-2157 · Drupal · Drupal Live Css Module

Forest Monsen

Published

2013-03-19

Updated

2013-03-21

CVE-2013-0206

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Drupal Live CSS module versions 6.x-2.x before 6.x-2.1 Drupal Live CSS module versions 7.x-2.x before 7.x-2.7

Description The issue allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Recommendations For Drupal Live CSS module versions 6.x-2.x before 6.x-2.1, update to version 6.x-2.1 or later. For Drupal Live CSS module versions 7.x-2.x before 7.x-2.7, update to version 7.x-2.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-0206

Affected Products

Drupal Live Css Module

PT-2013-2157 · Drupal · Drupal Live Css Module

CVE-2013-0206

Related Identifiers

Affected Products

References · 7