6

CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version >= 5.0 < 5.11
DrupalDrupal Version >= 6.0 < 6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.28% 0.663
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/318706
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/10/21/7
Third Party Advisory
Mailing List
http://secunia.com/advisories/32201
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45761
Third Party Advisory
VDB Entry