Access bypass in Drupal - CVE-2014-5020
Published: September 14, 2016
Vulnerability identifier: #VU448
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-5020
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to attaching of specially crafted files to the content. Unsufficient checking of attached files by File module expose acess to personal user's data.
Successful exploitation of this vulnerability allows a remote attacker to gain access to potentially sensitive information.
The weakness exists due to attaching of specially crafted files to the content. Unsufficient checking of attached files by File module expose acess to personal user's data.
Successful exploitation of this vulnerability allows a remote attacker to gain access to potentially sensitive information.