Lucene search

K
cvelistRedhatCVELIST:CVE-2010-3092
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3092

2022-10-0316:20:56
redhat
www.cve.org
5
drupal
upload
bypassing restrictions

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

51.4%

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

51.4%