The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Drupal | Drupal | 5.0 (including) | 5.0 (including) |
| Drupal | Drupal | 5.0-beta1 (including) | 5.0-beta1 (including) |
| Drupal | Drupal | 5.0-beta2 (including) | 5.0-beta2 (including) |
| Drupal | Drupal | 5.0-dev (including) | 5.0-dev (including) |
| Drupal | Drupal | 5.0-rc1 (including) | 5.0-rc1 (including) |
| Drupal | Drupal | 5.0-rc2 (including) | 5.0-rc2 (including) |
| Drupal | Drupal | 5.1 (including) | 5.1 (including) |
| Drupal | Drupal | 5.2 (including) | 5.2 (including) |
| Drupal | Drupal | 5.3 (including) | 5.3 (including) |
| Drupal | Drupal | 5.4 (including) | 5.4 (including) |
| Drupal | Drupal | 5.5 (including) | 5.5 (including) |
| Drupal | Drupal | 5.6 (including) | 5.6 (including) |
| Drupal | Drupal | 5.7 (including) | 5.7 (including) |
| Drupal | Drupal | 5.8 (including) | 5.8 (including) |
| Drupal | Drupal | 5.9 (including) | 5.9 (including) |
| Drupal | Drupal | 5.10 (including) | 5.10 (including) |
| Drupal | Drupal | 5.11 (including) | 5.11 (including) |
| Drupal | Drupal | 5.12 (including) | 5.12 (including) |
| Drupal | Drupal | 5.13 (including) | 5.13 (including) |
| Drupal | Drupal | 5.14 (including) | 5.14 (including) |
| Drupal | Drupal | 5.15 (including) | 5.15 (including) |
| Drupal | Drupal | 5.16 (including) | 5.16 (including) |
| Drupal | Drupal | 5.17 (including) | 5.17 (including) |
| Drupal | Drupal | 5.18 (including) | 5.18 (including) |
| Drupal | Drupal | 5.19 (including) | 5.19 (including) |
| Drupal | Drupal | 5.20 (including) | 5.20 (including) |
| Drupal | Drupal | 5.21 (including) | 5.21 (including) |
| Drupal | Drupal | 5.22 (including) | 5.22 (including) |
| Drupal5 | Ubuntu | hardy | * |
| Drupal5 | Ubuntu | jaunty | * |
| Drupal5 | Ubuntu | karmic | * |
| Drupal5 | Ubuntu | upstream | * |
| Drupal6 | Ubuntu | jaunty | * |
| Drupal6 | Ubuntu | karmic | * |
| Drupal6 | Ubuntu | upstream | * |