Description

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Remediation

References

CVE-2010-3092

Related Vulnerabilities

WordPress Plugin YouTube Video Inserter Cross-Site Scripting (1.2.1.0)

Joomla CVE-2012-0819 Vulnerability (CVE-2012-0819)

WordPress Plugin eShop Multiple Vulnerabilities (6.3.14)

Oracle Database Server CVE-2014-6546 Vulnerability (CVE-2014-6546)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)

Severity

Medium

Classification

CVE-2010-3092 CWE-264

Tags

Missing Update Known Vulnerabilities