|
Description
|
|
A vulnerability has been reported in the Avatar Uploader module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.
Certain unspecified input is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary local files via directory traversal sequences.
The vulnerabilities are reported in versions prior to 6.x-1.2.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Drupal Avatar Uploader Module 6.x
|
|
|
|
|
|
Solution
|
|
Update to version 6.x-1.2.https://www.drupal.org/node/2330763
|
|
|
|
|
|
CVE
|
|
CVE-2014-9155
|
|
|
|
|
|
References
|
|
SA-CONTRIB-2014-084:
https://www.drupal.org/node/2332169
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
