Published: 04/04/2018 Updated: 21/05/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal avatar uploader 7.x-1.0

#Title: Drupal avatar_uploader v7x-10-beta8 - Arbitrary File Disclosure #Author: Larry W Cashdollar #Date: 2018-03-30 #CVE-ID: CVE-2018-9205 #Download Site: wwwdrupalorg/project/avatar_uploader #Vendor: wwwdrupalorg/u/robbinzhao #Vendor Notified: 2018-04-02 #Vendor Contact: wwwdrupalorg/project/avatar_uploader/issue ...

Drupal Avatar Uploader module version 7x-10-beta8 suffers from an arbitrary file download vulnerability ...

CWE-22 https://www.drupal.org/project/avatar_uploader/issues/2957966 https://www.drupal.org/project/avatar_uploader http://www.vapidlabs.com/advisory.php?v=202 https://www.exploit-db.com/exploits/44501/https://nvd.nist.gov https://www.exploit-db.com/exploits/44501/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9205

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect