CVE-2018-25002

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal’s security advisory policy.

Reference Links(if available):

  • https://www.drupal.org/project/kcfinder/issues/1768718
  • https://www.drupal.org/project/kcfinder/issues/1768720
  • https://www.drupal.org/sa-contrib-2018-024
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)