CVE-2018-9205
N/A
N/A
Summary
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Robbin Zhao | avatar_uploader | unspecified < 7.x-1.0-beta8 | affected |
Weaknesses
- Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8
ADP Enrichment
CVE Program Container
Additional References
- http://www.vapidlabs.com/advisory.php?v=202
- https://www.exploit-db.com/exploits/44501/
- https://www.drupal.org/project/avatar_uploader
- https://www.drupal.org/project/avatar_uploader/issues/2957966
References
- http://www.vapidlabs.com/advisory.php?v=202
- https://www.exploit-db.com/exploits/44501/
- https://www.drupal.org/project/avatar_uploader
- https://www.drupal.org/project/avatar_uploader/issues/2957966
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.