CVE-2018-25002

January 11, 2021

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal’s security advisory policy.

Summary:

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal’s security advisory policy.

Reference Links(if available):

  • https://www.drupal.org/project/kcfinder/issues/1768718
  • https://www.drupal.org/project/kcfinder/issues/1768720
  • https://www.drupal.org/sa-contrib-2018-024

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    VectorKernel

    VectorKernel – PoCs For Kernelmode Rootkit Techniques Research

    April 18, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 18, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 18, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 18, 2024
    Basta

    Black Basta Ransomware Victim: doyon[.]com | doyondrilling[.]com

    April 18, 2024