Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2008-4792
Last Modified 28 Jan 2009 01:40:02
Published 29 Oct 2008 11:31:35
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4792

Summary

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4


References

CONFIRM - http://drupal.org/node/318706

XF - drupal-blogapi-security-bypass(45761)

MLIST - [oss-security] 20081021 CVE req: drupal < 5.11/6.5

SECUNIA - 32201


Last Updated: 27 May 2016 10:48:38