PT-2014-2810 · Drupal · Filefield Sources
Publicado
2014-05-13
·
Atualizado
2014-05-14
·
CVE-2013-4502
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FileField Sources module versions 6.x-1.x through 6.x-1.8
FileField Sources module versions 7.x-1.x through 7.x-1.8
Description
The issue allows remote authenticated users to read arbitrary files by attaching a file, due to improper checking of file permissions.
Recommendations
For FileField Sources module versions 6.x-1.x through 6.x-1.8, update to version 6.x-1.9 or later.
For FileField Sources module versions 7.x-1.x through 7.x-1.8, update to version 7.x-1.9 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Filefield Sources