Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4789

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-4789
Last Modified 05 Feb 2009 01:49:28
Published 29 Oct 2008 11:31:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4789

Summary

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

Vulnerable Systems

Application

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4


References

CONFIRM - http://drupal.org/node/318706

XF - drupal-uploadmodule-upload-security-bypass(45755)

MLIST - [oss-security] 20081021 CVE req: drupal < 5.11/6.5

SECUNIA - 32198


Last Updated: 27 May 2016 10:48:38