CVE-2010-3092
EUVD-2010-309321.09.2010, 20:00
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| drupal | drupal | 5.0 |
| drupal | drupal | 5.0:beta1 |
| drupal | drupal | 5.0:beta2 |
| drupal | drupal | 5.0:dev |
| drupal | drupal | 5.0:rc1 |
| drupal | drupal | 5.0:rc2 |
| drupal | drupal | 5.1 |
| drupal | drupal | 5.2 |
| drupal | drupal | 5.3 |
| drupal | drupal | 5.4 |
| drupal | drupal | 5.5 |
| drupal | drupal | 5.6 |
| drupal | drupal | 5.7 |
| drupal | drupal | 5.8 |
| drupal | drupal | 5.9 |
| drupal | drupal | 5.10 |
| drupal | drupal | 5.11 |
| drupal | drupal | 5.12 |
| drupal | drupal | 5.13 |
| drupal | drupal | 5.14 |
| drupal | drupal | 5.15 |
| drupal | drupal | 5.16 |
| drupal | drupal | 5.17 |
| drupal | drupal | 5.18 |
| drupal | drupal | 5.19 |
| drupal | drupal | 5.20 |
| drupal | drupal | 5.21 |
| drupal | drupal | 5.22 |
| drupal | drupal | 6.0 |
| drupal | drupal | 6.0:beta1 |
| drupal | drupal | 6.0:beta2 |
| drupal | drupal | 6.0:beta3 |
| drupal | drupal | 6.0:beta4 |
| drupal | drupal | 6.0:dev |
| drupal | drupal | 6.0:rc1 |
| drupal | drupal | 6.0:rc2 |
| drupal | drupal | 6.0:rc3 |
| drupal | drupal | 6.0:rc4 |
| drupal | drupal | 6.1 |
| drupal | drupal | 6.2 |
| drupal | drupal | 6.3 |
| drupal | drupal | 6.4 |
| drupal | drupal | 6.5 |
| drupal | drupal | 6.6 |
| drupal | drupal | 6.7 |
| drupal | drupal | 6.8 |
| drupal | drupal | 6.9 |
| drupal | drupal | 6.10 |
| drupal | drupal | 6.11 |
| drupal | drupal | 6.12 |
| drupal | drupal | 6.13 |
| drupal | drupal | 6.14 |
| drupal | drupal | 6.15 |
| drupal | drupal | 6.16 |
| drupal | drupal | 6.17 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References