Published: 21/09/2010 Updated: 22/09/2010

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 5.0
drupal drupal 5.10
drupal drupal 5.11
drupal drupal 5.12
drupal drupal 5.13
drupal drupal 5.14
drupal drupal 5.2
drupal drupal 5.3
drupal drupal 5.4
drupal drupal 5.5
drupal drupal 5.19
drupal drupal 5.20
drupal drupal 5.21
drupal drupal 5.22
drupal drupal 5.1
drupal drupal 5.6
drupal drupal 5.8
drupal drupal 5.15
drupal drupal 5.17
drupal drupal 5.7
drupal drupal 5.9
drupal drupal 5.16
drupal drupal 5.18
drupal drupal 6.0
drupal drupal 6.11
drupal drupal 6.12
drupal drupal 6.13
drupal drupal 6.14
drupal drupal 6.3
drupal drupal 6.4
drupal drupal 6.5
drupal drupal 6.6
drupal drupal 6.2
drupal drupal 6.7
drupal drupal 6.9
drupal drupal 6.16
drupal drupal 6.1
drupal drupal 6.8
drupal drupal 6.10
drupal drupal 6.15
drupal drupal 6.17

Several vulnerabilities have been discovered in Drupal 6 a fully-featured content management framework The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to user accounts CVE-2010-3092 The upload module includes a ...

CWE-264 http://www.debian.org/security/2010/dsa-2113 http://drupal.org/node/880476 http://www.securityfocus.com/bid/42391 http://marc.info/?l=oss-security&m=128418560705305&w=2 http://marc.info/?l=oss-security&m=128440896914512&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-2113

CVE-2010-3092

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect