Vulnerabilities > Avatar Uploader Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-26 | CVE-2015-2087 | Unspecified vulnerability in Avatar Uploader Project Avatar Uploader 6.X1.0/6.X1.1/6.X1.2 Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors. | 6.5 |
2014-12-01 | CVE-2014-9155 | Path Traversal vulnerability in Avatar Uploader Project Avatar Uploader Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. | 4.0 |