CVE-2018-25002

Name of the Vulnerable Software and Affected Versions KCFinder integration project for Drupal versions prior to 2018-06-01

Description The issue concerns the mishandling of validation in the uploader.php file. This could potentially lead to security issues, although specific details about exploitation or affected devices are not provided.

Recommendations For versions prior to 2018-06-01, consider disabling the uploader.php file as a temporary workaround until a patch is available. Restrict access to the vulnerable KCFinder integration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.