Description
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2795 Vulnerability (CVE-2019-2795)
WordPress Plugin WP Statistics Cross-Site Scripting (8.3)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)
Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)
WordPress Plugin Starbox-the Author Box for Humans Cross-Site Scripting (3.0.8)