Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2271

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2271
Last Modified 07 Mar 2011 10:08:56
Published 16 May 2008 08:54:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2271

Summary

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

Vulnerable Systems

Application

  • Drupal 5.7

  • Drupal 6.2

  • Drupal Site Documentation Module 1.0

  • Drupal Site Documentation Module 1.7


References

VUPEN - ADV-2008-1541

SECUNIA - 30257

CONFIRM - http://drupal.org/node/258547

XF - site-access-content-info-disclosure(42453)

BID - 29242


Last Updated: 27 May 2016 10:47:48