The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
References
Link | Resource |
---|---|
https://www.drupal.org/node/2312769 | Vendor Advisory |
https://www.drupal.org/node/2312655 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95054 | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2014/07/31/4 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-03-29 11:29
Updated : 2018-04-27 09:05
NVD link : CVE-2014-5170
Mitre link : CVE-2014-5170
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
drupal
- storage_api