Vulnerabilities > CVE-2015-2087 - Unspecified vulnerability in Avatar Uploader Project Avatar Uploader 6.X1.0/6.X1.1/6.X1.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |