Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1729

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-1729
Last Modified 07 Mar 2011 10:07:32
Published 11 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1729

Summary

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

Vulnerable Systems

Application

  • Drupal 6.0

  • Drupal 6.1


References

BID - 28714

CONFIRM - http://drupal.org/node/244637

XF - drupal-menusystem-security-bypass(41755)

VUPEN - ADV-2008-1185

OSVDB - 44270

SECUNIA - 29762


Last Updated: 27 May 2016 10:47:38