4

CVE-2012-4495

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mime Mail Module ProjectMimemail Version6.x-1.0
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha1
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha2
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha3
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha4
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha5
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha6
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha7
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatealpha8
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatebeta1
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.0 Updatebeta2
   DrupalDrupal Version-
Mime Mail Module ProjectMimemail Version6.x-1.x Updatedev
   DrupalDrupal Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.554
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/1719482
Patch
Vendor Advisory