Описание
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 5.7-1ubuntu1.3 |
| jaunty | ignored | end of life |
| karmic | released | 5.18-1.1ubuntu2.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | released | 5.23 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | DNE | |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 6.16-1 |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | released | 6.18, 6.16-1 |
Показывать по
Ссылки на источники
5.5 Medium
CVSS2
Связанные уязвимости
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does n ...
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
5.5 Medium
CVSS2