Unrestricted File Upload Vulnerability in Avatar Uploader Module for Drupal
CVE-2015-2087

Currently unrated

Key Information:

Vendor: Avatar Uploader Project
Status: Avatar Uploader
Vendor: CVE Published:; 26 February 2015

🔔 Create Avatar Uploader Project Vulnerability Alert

What is CVE-2015-2087?

The Avatar Uploader module in Drupal before version 6.x-1.3 is susceptible to an unrestricted file upload vulnerability. This flaw permits authenticated remote users to upload files with a PHP extension, which may lead to arbitrary PHP code execution. The compromised files can be accessed through unspecified vectors, potentially enabling attackers to execute malicious scripts. Addressing this vulnerability is crucial to maintaining the security integrity of the Drupal ecosystem.

References

https://www.drupal.org/node/2427069

x_refsource_CONFIRM

https://www.drupal.org/node/2428793

x_refsource_MISC

http://www.securityfocus.com/bid/72674

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 26, 2015

CVE-2015-2087 Data

JSON