WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3092)

Description

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Remediation

References

Related Vulnerabilities

ATutor Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3368)

Microsoft SQL Server Other Vulnerability (CVE-2002-1138)

WordPress Plugin Easy Contact Form Builder Cross-Site Scripting (1.0)

WordPress Plugin Profile Builder Pro SQL Injection (3.3.2)

WordPress Plugin NewsPlugin Cross-Site Request Forgery (1.0.18)

Severity

Medium

Classification

CVE-2010-3092 CWE-264

Tags

Missing Update Known Vulnerabilities