Arbitrary PHP Code Execution in Drupal Video Module 7.x-2.x

Arbitrary PHP Code Execution in Drupal Video Module 7.x-2.x

CVE-2013-0224 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.

Learn more about our User Device Pen Test.