Vulnerability Database

289,552

Total vulnerabilities in the database

CVE-2015-4393

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.

  • Published: Jun 15, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-4393
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
services_project / services 7.x-3.0 7.x-3.0.x
services_project / services 7.x-3.6 7.x-3.6.x
services_project / services 7.x-3.11 7.x-3.11.x
services_project / services 7.x-3.7 7.x-3.7.x
services_project / services 7.x-3.3 7.x-3.3.x
services_project / services 7.x-3.1 7.x-3.1.x
services_project / services 7.x-3.9 7.x-3.9.x
services_project / services 7.x-3.4 7.x-3.4.x
services_project / services 7.x-3.10 7.x-3.10.x
services_project / services 7.x-3.5 7.x-3.5.x
services_project / services 7.x-3.2 7.x-3.2.x