6.4
CVE-2005-3974
- EPSS 1.69%
- Veröffentlicht 03.12.2005 19:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.69% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://secunia.com/advisories/17824
http://secunia.com/advisories/18630
http://www.debian.org/security/2006/dsa-958
http://www.vupen.com/english/advisories/2005/2684
http://drupal.org/files/sa-2005-009/4.6.3.patch
http://drupal.org/files/sa-2005-009/advisory.txt
http://www.securityfocus.com/archive/1/418336/100/0/threaded
http://www.securityfocus.com/bid/15674