CVE-2012-2719

Published Jun 27, 2012

Last updated 12 years ago

Overview

Description: The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability."
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE9CDE75-41B9-497B-AC2E-53CD0920B493"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84629523-4848-4734-91B7-ADB05911BF5F"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29A2B3FD-BB38-4AD5-9E7F-7B81E5B3C77D"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E908CEA1-81DE-47FA-91B9-621DB1351F66"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F36014D-DB17-4650-9920-BA282E0FBD5B"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5019B80-6084-412F-9A74-EDC4553F9612"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07103F4F-4475-4821-BDDB-3A8B6E12BDCA"
          },
          {
            "criteria": "cpe:2.3:a:blaine_lang:filedepot:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E336526-EC32-442D-86BF-9C6760DDA638"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References