This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Quicksketch
Product: Filefield
Version:
Type: Application
First view: 2009-10-26
Last view: 2010-06-21
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha2:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta1:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta3:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc3:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha1:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha1:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.1:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-1.x-dev:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:rc1:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.4:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta3:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta2:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc2:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.x-dev:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:drupal:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha7:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.0:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta2:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha4:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha3:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc4:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.x-dev:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.2:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha6:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.3:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.5:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta1:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha5:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:5.x-2.2:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha2:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-3.3:*:*:*:*:*:*:* 1
cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha3:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
2.1 2010-06-21 CVE-2010-1958

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

7.5 2009-10-26 CVE-2009-3781

The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-104 Cross Zone Scripting

Open Source Vulnerability Database (OSVDB)

id Description
65611 FileField Module for Drupal filepath Parameter XSS
59153 Drupal Core FileField Module Private File System Access Restriction Bypass