drupal

2010-08-22

Page content

Author: Miklos Vajna
Vulnerable: 5.22-2locris1
Unaffected: 5.23-1locris1

A weakness and a vulnerability have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions.

The weakness is caused due to an error in the upload module, which does not properly check uploaded file names for case sensitivity and grants access to the earlier uploaded file. This can be exploited to download otherwise restricted files by uploading similarly named file with different letter casing.
An error in the comment module does not properly check for access permissions before republishing previously unpublished comments. Successful exploitation of this vulnerability requires “post comments without approval” permissions.

Bug Tracker URL: http://bugs.frugalware.org/task/4285

CVEs:

No CVE, see http://drupal.org/node/880476.