CVE-2018-9205
Low
CVSS Score
Vulnerability Description
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
Known Affected Software
1 configuration(s) from 1 vendor(s)
avatar_uploader
Version: 7.x-1.0
CPE: cpe:2.3:a:drupal:avatar_uploader:7.x-1.0:beta8:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.vapidlabs.com/advisory.php?v=202 (Exploit, Third Party Advisory; sources: larry0@me.com, af854a3a-2127-422b-91ae-364da2661108)
- https://www.drupal.org/project/avatar_uploader (Release Notes, Vendor Advisory; sources: larry0@me.com, af854a3a-2127-422b-91ae-364da2661108)
- https://www.drupal.org/project/avatar_uploader/issues/2957966 (Vendor Advisory; sources: larry0@me.com, af854a3a-2127-422b-91ae-364da2661108)
- https://www.exploit-db.com/exploits/44501/ (Exploit, Third Party Advisory, VDB Entry; sources: larry0@me.com, af854a3a-2127-422b-91ae-364da2661108)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-22
Top 25 #6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can…
- Exploit Likelihood: High
- Typical Severity: High
- OWASP Top 10: A01:2021-Broken Access Control
- Abstraction Level: Base
Key Information
- Published Date: April 04, 2018
