Directory Traversal Vulnerability in Avatar Uploader Module for Drupal
CVE-2014-9155

Currently unrated

Key Information:

Vendor: Avatar Uploader Project
Status: Avatar Uploader
Vendor: CVE Published:; 1 December 2014

🔔 Create Avatar Uploader Project Vulnerability Alert

What is CVE-2014-9155?

A critical directory traversal vulnerability exists in the Avatar Uploader module for Drupal, affecting specific versions of the module. This flaw permits remote authenticated users to manipulate file paths in a way that allows them to access arbitrary files on the server. By using a '..' sequence in the path while uploading or cropping images, attackers can breach file system security, potentially exposing sensitive information. It is essential for users running affected versions to apply the latest patches to mitigate this risk and ensure the integrity of their sites.

References

https://www.drupal.org/node/2330763

x_refsource_CONFIRM

https://www.drupal.org/node/2330759

x_refsource_CONFIRM

https://www.drupal.org/node/2332169

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 1, 2014

CVE-2014-9155 Data

JSON