WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3092)

Description

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2013-5838 Vulnerability (CVE-2013-5838)

WordPress Plugin Matrix Gallery 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin WP Mega Menu Unspecified Vulnerability (1.4.1)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29045)

WebLogic CVE-2021-2135 Vulnerability (CVE-2021-2135)

Severity

Medium

Classification

CVE-2010-3092 CWE-264

Tags

Missing Update Known Vulnerabilities