Description
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jayj Quicktag Multiple Vulnerabilities (1.3.1)
WordPress Plugin Events Manager Multiple Cross-Site Scripting Vulnerabilities (5.3.3)
MySQL CVE-2012-0486 Vulnerability (CVE-2012-0486)
WordPress Plugin Advanced AJAX Product Filters Security Bypass (1.3.6.1)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11113)