Description
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
Remediation
References
Related Vulnerabilities
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)
WordPress Plugin Slideshow Gallery LITE Multiple Unspecified Vulnerabilities (1.5.3.3)
WordPress Plugin AMP extensions Cross-Site Scripting (1.1)
WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)