5 matches found
Drupal Mime Mail Module文件附件安全绕过漏洞
Bugtraq ID:65996 Drupal是一套开放源码的内容管理平台。 Drupal Mime Mail Module不正确校验附件文件路径,允许远程攻击者利用漏洞添加任意文件并获取敏感信息。 0 Drupal Mime Mail Module 6.x 厂商补丁: Drupal ----- Drupal Mime Mail Module 6.x-1.4已经修复该漏洞,建议用户下载更新: https://drupal.org/node/2211419...
CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
Design/Logic Flaw
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
CVE-2012-4495
CVE-2012-4495 affects the Drupal Mime Mail module (6.x-1.x before 6.x-1.1). The root cause is improper restriction of access to files outside Drupal’s publish files directory, allowing remote authenticated users to send arbitrary files as attachments. Impact is that authenticated users can attach...
CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...