The Comment Upload 4.7.x prior to 4.7.x-0.1 and 5.x prior to 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote malicious users to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal comment upload module 4.7 |
||
drupal comment upload module 5.0 |