Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

Project: Drupal coreDate: 2022-July-20Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionDescription: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work

More info:

https://www.drupal.org/sa-core-2022-014Leer másÚltimas Vulnerabilidades

Project: Drupal coreDate: 2022-July-20Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionDescription: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work More info: https://www.drupal.org/sa-core-2022-014

Project: Drupal coreDate: 2022-July-20Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionDescription: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work

More info:

https://www.drupal.org/sa-core-2022-014Leer másÚltimas Vulnerabilidades

Facebook
Twitter
LinkedIn
Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

ciso2ciso editor´s picks

More Latest Published Posts