PT-2018-18911 · Drupal · Avatar Uploader
Larry W. Cashdollar · Published 2018-04-04 · Updated 2018-05-21 · CVE-2018-9205
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Avatar Uploader version 7.x-1.0-beta8
Description
The issue arises from the code in view.php, which neither verifies users nor sanitizes the file path, potentially leading to unauthorized access or malicious file uploads.
Recommendations
For Avatar Uploader version 7.x-1.0-beta8, consider implementing user verification and sanitizing file paths in the view.php code to prevent exploitation. As a temporary workaround, restrict access to the view.php file until a proper fix is applied.
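One way to implement the user verification and file path check recommended above, as an added example that is not the module's code or its official fix. The function names, the boolean authentication flag and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example: helper names, the boolean auth flag and the sample files
// are constructed for this demonstration, not taken from the module.

/** Resolve a requested avatar name to a canonical path inside $baseDir, or null. */
function resolve_avatar_path(string $baseDir, string $requested): ?string
{
    // Refuse empty input and NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; false means no such file.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps
    // a sibling such as "avatars_old" from matching the prefix "avatars".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Verify the caller first, then the path; returns the HTTP status to send. */
function avatar_status(bool $isAuthenticated, string $baseDir, string $requested): int
{
    if (!$isAuthenticated) {
        return 403;
    }
    return resolve_avatar_path($baseDir, $requested) === null ? 404 : 200;
}

// Constructed demo: a temporary directory stands in for the avatar store.
$root = sys_get_temp_dir() . '/avatar_demo_' . getmypid();
mkdir("$root/avatars", 0700, true);
file_put_contents("$root/avatars/u1.png", 'img');
file_put_contents("$root/secret.txt", 'outside the avatar store');
foreach (['u1.png', '../secret.txt', 'missing.png'] as $name) {
    printf("%-14s authenticated=%d anonymous=%d\n", $name,
        avatar_status(true, "$root/avatars", $name),
        avatar_status(false, "$root/avatars", $name));
}
```

The containment check runs on the canonical path returned by `realpath()`, not on the raw request string, so encoded or nested `..` segments and symlinks are resolved before the comparison.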
Exploit
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Avatar Uploader