Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4790

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-4790
Last Modified 05 Feb 2009 01:49:28
Published 29 Oct 2008 11:31:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4790

Summary

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9


References

CONFIRM - http://drupal.org/node/318706

XF - drupal-uploadmodule-security-bypass(45758)

MLIST - [oss-security] 20081021 CVE req: drupal < 5.11/6.5

SECUNIA - 32200

SECUNIA - 32198


Last Updated: 27 May 2016 10:48:38