Vulnerabilities > CVE-2013-0206 - Unspecified vulnerability in GUY Bedford Live CSS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. CWE-434: Unrestricted Upload of File with Dangerous Type
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 | |
Application | 1 |