The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and attach files to content, related to a logic error.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Drupal | Drupal | * | 6.4 (including) |
| Drupal | Drupal | 6.0 (including) | 6.0 (including) |
| Drupal | Drupal | 6.0-beta1 (including) | 6.0-beta1 (including) |
| Drupal | Drupal | 6.0-beta2 (including) | 6.0-beta2 (including) |
| Drupal | Drupal | 6.0-beta3 (including) | 6.0-beta3 (including) |
| Drupal | Drupal | 6.0-beta4 (including) | 6.0-beta4 (including) |
| Drupal | Drupal | 6.0-rc-1 (including) | 6.0-rc-1 (including) |
| Drupal | Drupal | 6.0-rc-2 (including) | 6.0-rc-2 (including) |
| Drupal | Drupal | 6.0-rc-3 (including) | 6.0-rc-3 (including) |
| Drupal | Drupal | 6.0-rc-4 (including) | 6.0-rc-4 (including) |
| Drupal | Drupal | 6.1 (including) | 6.1 (including) |
| Drupal | Drupal | 6.2 (including) | 6.2 (including) |
| Drupal | Drupal | 6.3 (including) | 6.3 (including) |
References
- http://drupal.org/node/318706
- http://secunia.com/advisories/32198
- http://www.openwall.com/lists/oss-security/2008/10/21/7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45755
- http://drupal.org/node/318706
- http://secunia.com/advisories/32198
- http://www.openwall.com/lists/oss-security/2008/10/21/7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45755