All the vulnerabilities related to quicksketch - filefield
Vulnerability from fkie_nvd
Published
2009-10-26 17:30
Modified
2024-11-21 01:08
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, as given in the NVD record below)
Summary
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
quicksketch | filefield | 6.x-3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "5157C153-BECD-4169-BCF7-FB8B6D99FB98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors." }, { "lang": "es", "value": "La funci\u00f3n filefield_file_download en m\u00f3dulo de Drupal, FileField v6.x-3.1, no comprueba de forma adecuada los permisos de acceso al nodo para los ficheros privados del n\u00facleo, lo que permite a los atacantes remotos acceder a ficheros no autorizados a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2009-3781", "lastModified": "2024-11-21T01:08:09.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-26T17:30:00.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "http://drupal.org/node/516104" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "http://drupal.org/node/609874" }, { "source": "cve@mitre.org", 
"tags": [ "Patch", "Third Party Advisory" ], "url": "http://drupal.org/node/611128" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/37130" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/36792" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "http://drupal.org/node/516104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://drupal.org/node/609874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://drupal.org/node/611128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/37130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/36792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53897" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-21 19:30
Modified
2024-11-21 01:15
Severity: LOW (CVSS v2 base score 2.1, vector AV:N/AC:H/Au:S/C:N/I:P/A:N, as given in the NVD record below)
Summary
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
References
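Impacted products (see the CPE match list in the record below; note that it marks 6.x-3.5 as vulnerable and omits 6.x-3.4, while the summary states the 6.x branch is affected only before 6.x-3.4, so verify against the vendor advisory before relying on CPE matching)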
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "104D78D6-34CA-4779-9D41-807C2C89BD76", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "21DF5C36-F84A-4008-869F-01FB6EF9913A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0713728F-D5A1-4898-9042-8C2466966404", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "86788078-AB86-431B-A36D-90A37FBDA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FC1CF20-8024-4DD7-A57F-F547E1BAFE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "EAB8E63D-9D9C-4681-8860-DE3829BC125E", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "B6E851FC-5241-48D2-A89D-960296DBE107", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "75BF107F-4C49-4254-AD3D-BB5F327EB86C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9B7E07E3-9EB2-4E8F-8DCC-FF1A21648352", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:5.x-2.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "0121B09D-8A5B-41A7-AF88-1C5E9DF2F8C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C1E4D3FE-6B93-4888-9596-6419DEB7414D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "61B24B1E-980D-4272-AE2B-AF09D6C948D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CF208318-2CB9-417F-9D92-C7D3D6688C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F3BE7A55-F2C4-441F-B40D-9253D13EC3C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "6C636D59-DF41-4824-A369-C9C07A096EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7B30E691-8BCE-412E-9E3E-037C15F0B585", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "83FC3D58-5EDF-4F85-9652-9BF8826D1DC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "B98C715F-CE0D-4AF9-9515-7220A10FA10C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "1D8D9756-B97C-4A62-9739-67418E0EE537", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "D11BE48A-3D97-4139-919B-4B43760744DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "C371F3D3-3D4F-44CB-AD1C-802CF378E034", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "5DDD9453-D6EB-4D09-8781-B3C9F9ECE31F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "7B727EAD-8690-446B-B931-72B43D6A8C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "5AE5855D-9B2E-4822-B022-98E4600D281D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "44C72DDE-97F1-4B58-AF7D-AFBE46615839", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "4FAE4259-7476-402E-8FEE-BD41CF895629", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F769591-CD7F-4931-9E38-A6606384E954", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D7E863E5-D466-4A81-8870-795B9991F9F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "989E928E-AB25-4B0E-B23E-28825343EA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D594C4E-435D-4083-9FF3-A3533519BC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "64F51F45-06D5-42A8-B0AC-ED403E218F3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D3BF74CD-6272-4586-A2CB-2B5DDB6E6D27", "vulnerable": true }, { "criteria": "cpe:2.3:a:quicksketch:filefield:6.x-3.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "4F887AE9-1116-4460-AE88-54E92CCA49C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and \u0027Path to File\u0027 or \u0027URL to File\u0027 display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter)." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo FileField v5.x anteriores a v5.x-2.5 y v6.x anteriores a v6.x-3.4 para Drupal. Permite a usuarios remotos autenticados, con permisos de creacci\u00f3n o edici\u00f3n y la caracter\u00edsitica de \"Ruta a fichero\" o \"URL a fichero\" activada, inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del nombre de fichero (par\u00e1metro filepath)." } ], "id": "CVE-2010-1958", "lastModified": "2024-11-21T01:15:33.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-06-21T19:30:01.943", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://drupal.org/node/829808" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/65611" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40186" }, { "source": "cve@mitre.org", "url": "http://www.madirish.net/?article=461" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/40923" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/829808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/65611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/40186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.madirish.net/?article=461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/40923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59500" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2010-1958
Vulnerability from cvelistv5
Published
2010-06-21 19:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/65611 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/59500 | vdb-entry, x_refsource_XF | |
http://drupal.org/node/829808 | x_refsource_CONFIRM | |
http://www.madirish.net/?article=461 | x_refsource_MISC | |
http://secunia.com/advisories/40186 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/40923 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:17:13.738Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65611", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65611" }, { "name": "filefieldmodule-filepath-xss(59500)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59500" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/829808" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.madirish.net/?article=461" }, { "name": "40186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40186" }, { "name": "40923", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40923" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and \u0027Path to File\u0027 or \u0027URL to File\u0027 display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "65611", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65611" }, { "name": "filefieldmodule-filepath-xss(59500)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59500" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/829808" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.madirish.net/?article=461" }, { "name": "40186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40186" }, { "name": "40923", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40923" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and \u0027Path to File\u0027 or \u0027URL to File\u0027 display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65611", "refsource": "OSVDB", "url": "http://osvdb.org/65611" }, { "name": "filefieldmodule-filepath-xss(59500)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59500" }, { "name": "http://drupal.org/node/829808", "refsource": "CONFIRM", "url": "http://drupal.org/node/829808" }, { "name": "http://www.madirish.net/?article=461", "refsource": "MISC", "url": "http://www.madirish.net/?article=461" }, { "name": "40186", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40186" }, { "name": "40923", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40923" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1958", "datePublished": "2010-06-21T19:00:00", "dateReserved": "2010-05-19T00:00:00", "dateUpdated": "2024-08-07T02:17:13.738Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3781
Vulnerability from cvelistv5
Published
2009-10-26 17:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://drupal.org/node/516104 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/36792 | vdb-entry, x_refsource_BID | |
http://drupal.org/node/611128 | x_refsource_CONFIRM | |
http://drupal.org/node/609874 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53897 | vdb-entry, x_refsource_XF | |
http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch | x_refsource_CONFIRM | |
http://secunia.com/advisories/37130 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/516104" }, { "name": "36792", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36792" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/611128" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/609874" }, { "name": "filefield-nodeaccess-security-bypass(53897)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53897" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch" }, { "name": "37130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37130" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/516104" }, { "name": "36792", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36792" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/611128" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/609874" }, { "name": "filefield-nodeaccess-security-bypass(53897)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53897" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch" }, { "name": "37130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37130" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupal.org/node/516104", "refsource": "CONFIRM", "url": "http://drupal.org/node/516104" }, { "name": "36792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36792" }, { "name": "http://drupal.org/node/611128", "refsource": "CONFIRM", "url": "http://drupal.org/node/611128" }, { "name": "http://drupal.org/node/609874", "refsource": "CONFIRM", "url": "http://drupal.org/node/609874" }, { "name": "filefield-nodeaccess-security-bypass(53897)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53897" }, { "name": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch", "refsource": "CONFIRM", "url": "http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch" }, { "name": "37130", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37130" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3781", "datePublished": "2009-10-26T17:00:00", "dateReserved": "2009-10-26T00:00:00", "dateUpdated": "2024-08-07T06:38:30.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }