The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read files attached to content via unknown vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Drupal | Drupal | * | 5.10 (including) |
| Drupal | Drupal | 5.0 (including) | 5.0 (including) |
| Drupal | Drupal | 5.0-beta1 (including) | 5.0-beta1 (including) |
| Drupal | Drupal | 5.0-beta2 (including) | 5.0-beta2 (including) |
| Drupal | Drupal | 5.0-rc1 (including) | 5.0-rc1 (including) |
| Drupal | Drupal | 5.0-rc2 (including) | 5.0-rc2 (including) |
| Drupal | Drupal | 5.1 (including) | 5.1 (including) |
| Drupal | Drupal | 5.2 (including) | 5.2 (including) |
| Drupal | Drupal | 5.3 (including) | 5.3 (including) |
| Drupal | Drupal | 5.4 (including) | 5.4 (including) |
| Drupal | Drupal | 5.5 (including) | 5.5 (including) |
| Drupal | Drupal | 5.6 (including) | 5.6 (including) |
| Drupal | Drupal | 5.7 (including) | 5.7 (including) |
| Drupal | Drupal | 5.8 (including) | 5.8 (including) |
| Drupal | Drupal | 5.9 (including) | 5.9 (including) |
| Drupal5 | Ubuntu | gutsy | * |
| Drupal5 | Ubuntu | hardy | * |
| Drupal5 | Ubuntu | intrepid | * |
| Drupal5 | Ubuntu | upstream | * |
References
- http://drupal.org/node/318706
- http://secunia.com/advisories/32198
- http://secunia.com/advisories/32200
- http://www.openwall.com/lists/oss-security/2008/10/21/7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45758
- http://drupal.org/node/318706
- http://secunia.com/advisories/32198
- http://secunia.com/advisories/32200
- http://www.openwall.com/lists/oss-security/2008/10/21/7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45758