Описание
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4 (включая)
Одно из
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc-1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc-2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc-3:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:rc-4:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00221
Низкий
6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
debian
больше 16 лет назад
The validation functionality in the core upload module in Drupal 6.x b ...
github
около 3 лет назад
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
EPSS
Процентиль: 45%
0.00221
Низкий
6 Medium
CVSS2
Дефекты
CWE-264