5.8

CVE-2008-1729

EPSS 0.62%
Published 11.04.2008 19:05:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Drupal ≫ Drupal Version >= 6.0 < 6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.62%	0.692

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://drupal.org/node/244637

Patch

Vendor Advisory

http://secunia.com/advisories/29762

Third Party Advisory

http://www.osvdb.org/44270

Broken Link

http://www.securityfocus.com/bid/28714

Patch

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/1185/references

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41755

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-1729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1729

EUVD