File upload access bypass in Drupal Drupal
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) File upload access bypass
EUVDB-ID: #VU536
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unprivileged user to attach files to content and view attached files.
The weakness exists due to logic error in the core upload module validation that allows attackers to access applied files that was forbidden for him before.
Successful exploitation of the vulnerability allows a malicious user to obtain attached files.
Update 5.x to 5.11.
http://ftp.drupal.org/files/projects/drupal-5.11.tar.gz
Update 5.x to 6.5.
http://ftp.drupal.org/files/projects/drupal-6.5.tar.gz
Drupal: 5.0 - 6.4
CPE2.3- cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
https://www.drupal.org/node/318706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
