The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."Referenceshttp://secunia.com/advisories/32198http://drupal.org/node/318706http://www.openwall.com/lists/oss-security/2008/10/21/7https://exchange.xforce.ibmcloud.com/vulnerabilities/45755
