Description
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
Remediation
References