Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21426 Vulnerability (CVE-2022-21426)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)
Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461)
WordPress Plugin Featured Posts by BestWebSoft Cross-Site Scripting (1.0.0)
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (2.33)