Lucene search

K
cve[email protected]CVE-2010-3092
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3092

2022-10-0316:20:56
CWE-264
web.nvd.nist.gov
28
drupal
upload module
cve-2010-3092
file download restrictions
security vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.4%

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

Affected configurations

NVD
Node
drupaldrupalMatch5.0
OR
drupaldrupalMatch5.0beta1
OR
drupaldrupalMatch5.0beta2
OR
drupaldrupalMatch5.0dev
OR
drupaldrupalMatch5.0rc1
OR
drupaldrupalMatch5.0rc2
OR
drupaldrupalMatch5.1
OR
drupaldrupalMatch5.2
OR
drupaldrupalMatch5.3
OR
drupaldrupalMatch5.4
OR
drupaldrupalMatch5.5
OR
drupaldrupalMatch5.6
OR
drupaldrupalMatch5.7
OR
drupaldrupalMatch5.8
OR
drupaldrupalMatch5.9
OR
drupaldrupalMatch5.10
OR
drupaldrupalMatch5.11
OR
drupaldrupalMatch5.12
OR
drupaldrupalMatch5.13
OR
drupaldrupalMatch5.14
OR
drupaldrupalMatch5.15
OR
drupaldrupalMatch5.16
OR
drupaldrupalMatch5.17
OR
drupaldrupalMatch5.18
OR
drupaldrupalMatch5.19
OR
drupaldrupalMatch5.20
OR
drupaldrupalMatch5.21
OR
drupaldrupalMatch5.22
Node
drupaldrupalMatch6.0
OR
drupaldrupalMatch6.0beta1
OR
drupaldrupalMatch6.0beta2
OR
drupaldrupalMatch6.0beta3
OR
drupaldrupalMatch6.0beta4
OR
drupaldrupalMatch6.0dev
OR
drupaldrupalMatch6.0rc1
OR
drupaldrupalMatch6.0rc2
OR
drupaldrupalMatch6.0rc3
OR
drupaldrupalMatch6.0rc4
OR
drupaldrupalMatch6.1
OR
drupaldrupalMatch6.2
OR
drupaldrupalMatch6.3
OR
drupaldrupalMatch6.4
OR
drupaldrupalMatch6.5
OR
drupaldrupalMatch6.6
OR
drupaldrupalMatch6.7
OR
drupaldrupalMatch6.8
OR
drupaldrupalMatch6.9
OR
drupaldrupalMatch6.10
OR
drupaldrupalMatch6.11
OR
drupaldrupalMatch6.12
OR
drupaldrupalMatch6.13
OR
drupaldrupalMatch6.14
OR
drupaldrupalMatch6.15
OR
drupaldrupalMatch6.16
OR
drupaldrupalMatch6.17
VendorProductVersionCPE
drupaldrupal5.10cpe:/a:drupal:drupal:5.10:::
drupaldrupal5.21cpe:/a:drupal:drupal:5.21:::
drupaldrupal5.14cpe:/a:drupal:drupal:5.14:::
drupaldrupal5.12cpe:/a:drupal:drupal:5.12:::
drupaldrupal5.22cpe:/a:drupal:drupal:5.22:::
drupaldrupal5.0cpe:/a:drupal:drupal:5.0:dev::
drupaldrupal5.0cpe:/a:drupal:drupal:5.0:::
drupaldrupal5.0cpe:/a:drupal:drupal:5.0:beta1::
drupaldrupal5.6cpe:/a:drupal:drupal:5.6:::
drupaldrupal5.17cpe:/a:drupal:drupal:5.17:::
Rows per page:
1-10 of 281

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

51.4%