Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0224

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2013-0224
Last Modified 21 Mar 2013 12:00:00
Published 19 Mar 2013 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0224

Summary

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

Vulnerable Systems

Application

  • Video Project Video 7.x-2.0

  • Video Project Video 7.x-2.1

  • Video Project Video 7.x-2.2

  • Video Project Video 7.x-2.3

  • Video Project Video 7.x-2.4

  • Video Project Video 7.x-2.5

  • Video Project Video 7.x-2.6

  • Video Project Video 7.x-2.7

  • Video Project Video 7.x-2.8

  • Video Project Video 7.x-2.x


References

MISC - https://drupal.org/node/1896714

CONFIRM - https://drupal.org/node/1895234

MLIST - [oss-security] 20130124 Re: CVE request for Drupal contributed modules


Last Updated: 27 May 2016 11:02:05