File upload access bypass in Drupal - #VU536


Published: September 19, 2016


Vulnerability identifier: #VU536
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Drupal
Affected software: Drupal

Detailed vulnerability description

The vulnerability allows a remote unprivileged user to attach files to content and to view attached files.
The weakness exists due to a logic error in the core upload module's validation, which lets an attacker access attached files that were previously forbidden to them.
Successful exploitation of the vulnerability allows a malicious user to obtain attached files.

Remediation


Sources