Vulnerabilities > CVE-2013-0224 - Configuration vulnerability in Video Project Video

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

video-project

drupal

CWE-16

NVD

Published: 2013-03-19

Updated: 2013-03-21

Summary

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

Vulnerable Configurations

Part	Description	Count
Application	Video_Project Video Project Video 7.X-2.0 Video Project Video 7.X-2.1 Video Project Video 7.X-2.2 Video Project Video 7.X-2.3 Video Project Video 7.X-2.4 Video Project Video 7.X-2.5 Video Project Video 7.X-2.6 Video Project Video 7.X-2.7 Video Project Video 7.X-2.8 Video Project Video 7.X-2.X	22
Application	Drupal Drupal Drupal -	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www.openwall.com/lists/oss-security/2013/01/25/4
https://drupal.org/node/1895234
https://drupal.org/node/1896714