6 matches found
Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...
CVE-2018-9205
creationtimestamp| type| source ---|---|--- 2024-12-23 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-23 2025-02-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-02 2025-04-12 00:00:00+00:00| seen| The Shadowserver...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor Contact:...
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download
Title: Arbitrary file download vulnerability in Drupal module avataruploader v7.x-1.0-beta8 Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID:CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2018-9205
Drupal avatar_uploader v7.x-1.0-beta8 is vulnerable to Local/Arbitrary File Disclosure because view.php does not restrict file paths or verify user permissions, allowing unauthenticated retrieval of arbitrary files from the server (e.g., via uploadDir). The issue is a path traversal style flaw in...