6.4

CVE-2005-3974

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version4.5
DrupalDrupal Version4.5.1
DrupalDrupal Version4.5.2
DrupalDrupal Version4.5.3
DrupalDrupal Version4.5.4
DrupalDrupal Version4.5.5
DrupalDrupal Version4.6
DrupalDrupal Version4.6.1
DrupalDrupal Version4.6.2
DrupalDrupal Version4.6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.69% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17824
Patch
Vendor Advisory
http://secunia.com/advisories/18630
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-958
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2684
http://drupal.org/files/sa-2005-009/4.6.3.patch
Patch
http://drupal.org/files/sa-2005-009/advisory.txt
Vendor Advisory
http://www.securityfocus.com/archive/1/418336/100/0/threaded
http://www.securityfocus.com/bid/15674
Patch