Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
|
System information
|
| |
|
|
Affected software |
Drupal |
Description
|
Project: Drupal coreDate: 2022-July-20Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionAffected versions: >= 8.0.0 = 9.4.0 CVE IDs: CVE-2022-25277Description: Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers.Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent
More info:
https://www.drupal.org/sa-core-2022-014 |
Standar resources
|
|
Property |
Value |
|
CVE |
CVE-2022-25277. |
