File Upload Vulnerability in Drupal Core by Acquia
CVE-2022-25277
Summary
Drupal Core has a vulnerability in filename sanitization during file uploads. Drupal sanitizes filenames with potentially dangerous extensions and removes leading and trailing dots to mitigate the risk of uploading sensitive configuration files. However, these two protections did not work correctly when applied together. Specifically, if a site allows the upload of files with an .htaccess extension, the filename may escape the intended sanitization. This can allow remote code execution on Apache web servers if an administrator incorrectly configures file fields to permit .htaccess file uploads. The risk is generally mitigated unless a field administrator explicitly grants that permission or a module or script misconfigures the upload rules.
Affected Version(s)
Core 9.4 < 9.4.3
Core 9.3 < 9.3.19
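A triage check for the two conditions described above, added here as an example (not code from Drupal or the advisory): whether a core version falls in the listed ranges, and whether any exported file field allows htaccess. It assumes field configuration is exported as YAML with a `file_extensions` setting; the sample file names and contents are constructed.

```python
import re

# First fixed release per affected branch, from the "Affected Version(s)" list.
FIXED = {(9, 4): (9, 4, 3), (9, 3): (9, 3, 19)}

# Assumed export format: a "file_extensions: 'ext ext ...'" line in field settings.
EXT_LINE = re.compile(r"^[ \t]*file_extensions:[ \t]*(.*?)[ \t]*$", re.MULTILINE)


def core_is_affected(version: str) -> bool:
    """True if version is inside one of the ranges listed on this page.

    Branches the page does not list return False, meaning "not in a listed
    range", not "known safe".
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(v[:2])
    return fixed is not None and v < fixed


def risky_fields(configs: dict[str, str]) -> list[str]:
    """Names of exported field configs whose allowed extensions include htaccess."""
    hits = []
    for name, text in sorted(configs.items()):
        for m in EXT_LINE.finditer(text):
            raw = m.group(1).strip("'\"").lower().replace(",", " ")
            if "htaccess" in (ext.lstrip(".") for ext in raw.split()):
                hits.append(name)
                break
    return hits


# Constructed sample of a config export (file name -> file contents).
SAMPLE = {
    "field.field.node.article.field_image.yml":
        "field_type: image\nsettings:\n  file_extensions: 'png gif jpg jpeg'\n",
    "field.field.node.page.field_attachment.yml":
        "field_type: file\nsettings:\n  file_extensions: 'txt pdf htaccess'\n",
}

if __name__ == "__main__":
    for ver in ("9.4.2", "9.4.3", "9.3.18"):
        print(ver, "affected" if core_is_affected(ver) else "not in listed range")
    print("fields allowing htaccess:", risky_fields(SAMPLE))
```

Upload rules set by a module or script rather than a field setting do not appear in exported field configuration, so this check does not cover them.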
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved