Description
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Remediation
References
Related Vulnerabilities
Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5624)
WordPress Plugin WP Symposium Cross-Site Scripting (11.11.26)