5.5

CVE-2008-3745

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version6.0
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.688
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/295053
Patch
http://secunia.com/advisories/31825
http://www.securityfocus.com/bid/30689
http://www.vupen.com/english/advisories/2008/2392
https://bugzilla.redhat.com/show_bug.cgi?id=459108
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44458