Description
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Banners Cross-Site Scripting (1.4)
Oracle Application Server CVE-2006-0290 Vulnerability (CVE-2006-0290)
Squid Out-of-bounds Read Vulnerability (CVE-2022-41318)
WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)