CVE-2014-5170

Low

Low Medium High Critical

CVSS Score

Published: Mar 29, 2018

Last Modified: Nov 21, 2024

Vulnerability Description

The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.

Known Affected Software

7 configuration(s) from 1 vendor(s)

storage_api

Version:

7.x-1.4

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.4:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.5

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.5:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.2

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.2:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.1

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.1:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.3

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.3:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.0

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.0:*:*:*:*:*:*:*

storage_api

Version:

7.x-1.x-dev

CPE:

cpe:2.3:a:drupal:storage_api:7.x-1.x-dev:*:*:*:*:*:*:*

This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-20 Top 25 #14

Improper Input Validation

Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class