DRUPAL-CONTRIB-2018-014

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ckeditor_uploadimage/DRUPAL-CONTRIB-2018-014.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2018-014

Published

2018-02-21T19:04:59Z

Modified

2025-12-10T23:29:50.062472Z

Summary

[none]

Details

This module enables you to drag and drop or paste images into CKEditor.
The module does not sufficiently verify users permissions, which leads to anonymous users being able to upload files to the server.

References

https://www.drupal.org/sa-contrib-2018-014

Credits

- Jean-Francois Hovinne
- - https://www.drupal.org/user/77723

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/ckeditor_uploadimage

Package

Name: drupal/ckeditor_uploadimage
Purl: pkg:composer/drupal/ckeditor_uploadimage

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.5.0

Database specific

{
    "constraint": "<1.5.0"
}

Database specific

affected_versions

"<1.5.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ckeditor_uploadimage/DRUPAL-CONTRIB-2018-014.json"