Описание
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.10 (включая)
Одно из
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00245
Низкий
6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
около 17 лет назад
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
debian
около 17 лет назад
The core upload module in Drupal 5.x before 5.11 allows remote authent ...
github
больше 3 лет назад
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
EPSS
Процентиль: 48%
0.00245
Низкий
6 Medium
CVSS2
Дефекты
CWE-264