Vulnerability Details CVE-2012-2719
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v2 Score 5.1
References
- http://drupal.org/node/1598782
- http://drupal.org/node/1608864
- http://secunia.com/advisories/49316
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82575
- http://drupal.org/node/1598782
- http://drupal.org/node/1608864
- http://secunia.com/advisories/49316
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82575
Products affected by CVE-2012-2719
-
cpe:2.3:a:blaine_lang:filedepot:6.x-1.0
-
cpe:2.3:a:blaine_lang:filedepot:6.x-1.1
-
cpe:2.3:a:blaine_lang:filedepot:6.x-1.2
-
cpe:2.3:a:blaine_lang:filedepot:6.x-1.x
-
cpe:2.3:a:drupal:drupal:-