Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2010-3092 - Vulnerability Database

Drupal Permissions Privileges and Access Controls Vulnerability - CVE-2010-3092

Medium
Reference: CVE-2010-3092
Title: Drupal Permissions Privileges and Access Controls Vulnerability
Overview:

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.