Vulnerabilities > Services Project > Services > 7.x.3.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-15 | CVE-2015-4394 | Permissions, Privileges, and Access Controls vulnerability in Services Project Services The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. | 5.0 |
2015-06-15 | CVE-2015-4393 | Improper Input Validation vulnerability in Services Project Services The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename. | 6.0 |