5.8

CVE-2008-1729

EPSS 0.62%
Veröffentlicht 11.04.2008 19:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Drupal Version >= 6.0 < 6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.692

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://drupal.org/node/244637

Patch

Vendor Advisory

http://secunia.com/advisories/29762

Third Party Advisory

http://www.osvdb.org/44270

Broken Link

http://www.securityfocus.com/bid/28714

Patch

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/1185/references

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41755

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-1729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1729

EUVD