
8 matches found

Nuclei
added 2026/05/27 12:33 a.m., 59 views

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

CVSS 7.5 | AI score 7.2 | EPSS 0.81446
Exploits: 6 | References: 5
Vulnrichment
added 2026/05/10 12:12 p.m., 5 views

CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

CVSS 6.1 | AI score 5.9 | EPSS 0.00089
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/10 12:12 p.m., 3 views

CVE-2022-50957

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

CVSS 6.1 | AI score 5.9 | EPSS 0.00089
Exploits: 0 | References: 3
0day.today
added 2022/03/30 12:0 a.m., 219 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates an avataruploader from any post types. The...

AI score 7.4
Exploits: 0
Exploit DB
added 2022/03/30 12:0 a.m., 274 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates an avataruploader from any po...

AI score 7.4
Exploits: 0
CNVD
added 2018/04/09 12:0 a.m., 4 views

Drupal avatar_uploader arbitrary file download vulnerability

avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...

CVSS 7.5 | AI score 7.1 | EPSS 0.81446
Exploits: 6 | References: 1
NVD
added 2018/04/04 3:29 p.m., 13 views

CVE-2018-9205

Vulnerability in avataruploader v7.x-1.0-beta8, The code in view.php doesn't verify users or sanitize the file path...

CVSS 7.5 | AI score 7.5 | EPSS 0.81446
Exploits: 6 | References: 4
CVE
added 2018/04/04 3:0 p.m., 78 views

CVE-2018-9205

Drupal avatar_uploader v7.x-1.0-beta8 is vulnerable to Local/Arbitrary File Disclosure because view.php does not restrict file paths or verify user permissions, allowing unauthenticated retrieval of arbitrary files from the server (e.g., via uploadDir). The issue is a path traversal style flaw in...

CVSS 7.5 | AI score 7.4 | EPSS 0.81446
In wild | Exploits: 6 | References: 4 | Affected Software: 1