The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 5.0 |
||
drupal drupal 5.10 |
||
drupal drupal 5.11 |
||
drupal drupal 5.12 |
||
drupal drupal 5.13 |
||
drupal drupal 5.14 |
||
drupal drupal 5.2 |
||
drupal drupal 5.3 |
||
drupal drupal 5.4 |
||
drupal drupal 5.5 |
||
drupal drupal 5.19 |
||
drupal drupal 5.20 |
||
drupal drupal 5.21 |
||
drupal drupal 5.22 |
||
drupal drupal 5.1 |
||
drupal drupal 5.6 |
||
drupal drupal 5.8 |
||
drupal drupal 5.15 |
||
drupal drupal 5.17 |
||
drupal drupal 5.7 |
||
drupal drupal 5.9 |
||
drupal drupal 5.16 |
||
drupal drupal 5.18 |
||
drupal drupal 6.0 |
||
drupal drupal 6.11 |
||
drupal drupal 6.12 |
||
drupal drupal 6.13 |
||
drupal drupal 6.14 |
||
drupal drupal 6.3 |
||
drupal drupal 6.4 |
||
drupal drupal 6.5 |
||
drupal drupal 6.6 |
||
drupal drupal 6.2 |
||
drupal drupal 6.7 |
||
drupal drupal 6.9 |
||
drupal drupal 6.16 |
||
drupal drupal 6.1 |
||
drupal drupal 6.8 |
||
drupal drupal 6.10 |
||
drupal drupal 6.15 |
||
drupal drupal 6.17 |