CVE-2013-0206 : Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Published 2013-03-19 14:55:03

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2013-0206

Guy Bedford » Live Css » Version: 7.x-2.5
cpe:2.3:a:guy_bedford:live_css:7.x-2.5:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.4
cpe:2.3:a:guy_bedford:live_css:7.x-2.4:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.3
cpe:2.3:a:guy_bedford:live_css:7.x-2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.2
cpe:2.3:a:guy_bedford:live_css:7.x-2.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 6.x-2.0
cpe:2.3:a:guy_bedford:live_css:6.x-2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.0
cpe:2.3:a:guy_bedford:live_css:7.x-2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.x-dev
cpe:2.3:a:guy_bedford:live_css:7.x-2.x-dev:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.6
cpe:2.3:a:guy_bedford:live_css:7.x-2.6:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.1
cpe:2.3:a:guy_bedford:live_css:7.x-2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Guy Bedford » Live Css » Version: 7.x-2.0-beta1
cpe:2.3:a:guy_bedford:live_css:7.x-2.0-beta1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2013-0206

EPSS FAQ

1.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-0206

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2013-0206

http://drupalcode.org/project/live_css.git/commitdiff/ef323c8

Access to this page has been denied.
https://drupal.org/node/1890318

SA-CONTRIB-2013-004 - Live CSS - Arbitrary Code Execution | Drupal.org
Patch;Vendor Advisory
http://drupalcode.org/project/live_css.git/commitdiff/cb7005f

Access to this page has been denied.
http://drupal.org/node/1883978

Access to this page has been denied.
http://drupal.org/node/1883976

Access to this page has been denied.
http://www.openwall.com/lists/oss-security/2013/01/21/5

oss-security - Re: CVE request for Drupal contributed modules

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-0206

Products affected by CVE-2013-0206

Exploit prediction scoring system (EPSS) score for CVE-2013-0206

CVSS scores for CVE-2013-0206

References for CVE-2013-0206