NVD

Id
36562  
Name
CVE-2013-0206  
Description
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-03-19  
Modified Date
2013-03-21  
Seq
2013-0206  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
186763 36562 CVE-2013-0206 http://drupal.org/node/1883976  View
186764 36562 CVE-2013-0206 http://drupal.org/node/1883978  View
186765 36562 CVE-2013-0206 http://drupalcode.org/project/live_css.git/commitdiff/cb7005f  View
186766 36562 CVE-2013-0206 http://drupalcode.org/project/live_css.git/commitdiff/ef323c8  View
186767 36562 CVE-2013-0206 [oss-security] 20130121 Re: CVE request for Drupal contributed modules  View
186768 36562 CVE-2013-0206 https://drupal.org/node/1890318  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
20374 JVNDB-2013-001949 Drupal 用 Live CSS モジュールにおける任意のコードを実行される脆弱性 Drupal 用 Live CSS モジュールには、ファイルをアップロードされることにより、任意のコードを実行される脆弱性が存在します。 CVE-2013-0206 60148 CVE-2013-0206 36562 6 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001949.html 2013-01-09 2013-03-22 View