← Back

CVE-2012-5653

nvd nist
Published: Jan 3, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

Affected (72)

Drupal
1 product
Drupal
Debian
1 product
Debian Linux
Configuration A
34 vulnerable
Vulnerable SoftwareAffected Versions
Drupal
Drupal
Version 7.0
Drupal
Version 7.0 alpha1
Drupal
Version 7.0 alpha2
Drupal
Version 7.0 alpha3
Drupal
Version 7.0 alpha4
Drupal
Version 7.0 alpha5
Drupal
Version 7.0 alpha6
Drupal
Version 7.0 alpha7
Drupal
Version 7.0 beta1
Drupal
Version 7.0 beta2
Drupal
Version 7.0 beta3
Drupal
Version 7.0 dev
Drupal
Version 7.0 rc1
Drupal
Version 7.0 rc2
Drupal
Version 7.0 rc3
Drupal
Version 7.0 rc4
Drupal
Version 7.10
Drupal
Version 7.11
Drupal
Version 7.12
Drupal
Version 7.13
Drupal
Version 7.14
Drupal
Version 7.15
Drupal
Version 7.16
Drupal
Version 7.17
Drupal
Version 7.1
Drupal
Version 7.2
Drupal
Version 7.3
Drupal
Version 7.4
Drupal
Version 7.5
Drupal
Version 7.6
Drupal
Version 7.7
Drupal
Version 7.8
Drupal
Version 7.9
Drupal
Version 7.x-dev
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 6.0
Debian Linux
Version 7.0
Configuration C
36 vulnerable
Vulnerable SoftwareAffected Versions
Drupal
Drupal
Version 6.0
Drupal
Version 6.0 beta1
Drupal
Version 6.0 beta2
Drupal
Version 6.0 beta3
Drupal
Version 6.0 beta4
Drupal
Version 6.0 dev
Drupal
Version 6.0 rc1
Drupal
Version 6.0 rc2
Drupal
Version 6.0 rc3
Drupal
Version 6.0 rc4
Drupal
Version 6.10
Drupal
Version 6.11
Drupal
Version 6.12
Drupal
Version 6.13
Drupal
Version 6.14
Drupal
Version 6.15
Drupal
Version 6.16
Drupal
Version 6.17
Drupal
Version 6.18
Drupal
Version 6.19
Drupal
Version 6.1
Drupal
Version 6.20
Drupal
Version 6.21
Drupal
Version 6.22
Drupal
Version 6.23
Drupal
Version 6.24
Drupal
Version 6.25
Drupal
Version 6.26
Drupal
Version 6.2
Drupal
Version 6.3
Drupal
Version 6.4
Drupal
Version 6.5
Drupal
Version 6.6
Drupal
Version 6.7
Drupal
Version 6.8
Drupal
Version 6.9

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
ExploitPatch
Source: secalert@redhat.com
ExploitPatch
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.