Description
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
Remediation
References
Related Vulnerabilities
WordPress Plugin JVM WooCommerce Wishlist Unspecified Vulnerability (1.2.6)
WordPress Plugin Motors-Car Dealer & Classified Ads Multiple Vulnerabilities (1.4.0)
WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.6.8)
MySQL CVE-2017-3460 Vulnerability (CVE-2017-3460)
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)