Description
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Blocks SQL Injection (5.5.0)
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28838)
WordPress Plugin Related YouTube Videos Cross-Site Request Forgery (1.9.8)
WordPress Plugin Asgaros Forum Cross-Site Scripting (1.15.13)
WordPress Plugin Easy Registration Forms Cross-Site Scripting (2.1.1)