CVE-2022-25277

CWE-434Unrestricted File Upload7 documents5 sources
Severity
7.2HIGH
EPSS
0.3%
top 47.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal CoreDrupal Drupal
Timeline
PublishedApr 26

Description

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

CVEListV5drupal/core9.49.4.3+1
Packagistdrupal/core8.0.09.3.19+1
NVDdrupal/drupal8.0.09.3.19+1

🔴Vulnerability Details

5
CVEList
CVE-2022-25277: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filename2023-04-26
OSV
CVE-2022-25277: Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filename2023-04-26
GHSA
Drupal core arbitrary PHP code execution2022-08-06
OSV
Drupal core arbitrary PHP code execution2022-08-06
OSV
CVE-2022-25277: *Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers2022-07-20

📋Vendor Advisories

1
Drupal
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-0142022-07-20
CVE-2022-25277 (HIGH CVSS 7.2) | Drupal core sanitizes filenames wit | cvebase.io