CVE-2014-9155CVE-2014-9155

Affected configuration(s):

cpe:/a:avatar_uploader_project:avatar_uploader:6.x-1.0::~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:6.x-1.1::~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:7.x-1.0:beta1:~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:7.x-1.0:beta2:~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:7.x-1.0:beta3:~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:7.x-1.0:beta4:~~~drupal~~
cpe:/a:avatar_uploader_project:avatar_uploader:7.x-1.x-dev::~~~drupal~~

Date published: 2014-12-01T11:59:06.017-05:00

Date last modified: 2014-12-05T11:10:56.670-05:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://www.drupal.org/node/2330759

Summary: Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *