7.5
CVE-2008-6908
- EPSS 1.36%
- Veröffentlicht 06.08.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginServices 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Marc Ingram ≫ Services Version5.x-0.9
Marc Ingram ≫ Services Version5.x-0.91
Marc Ingram ≫ Services Version5.x-1.x-dev
Marc Ingram ≫ Services Version6.x-0.9
Marc Ingram ≫ Services Version6.x-0.11
Marc Ingram ≫ Services Version6.x-0.12
Marc Ingram ≫ Services Version6.x-1.x-dev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.681 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://drupal.org/node/348295
http://osvdb.org/50743
http://www.securityfocus.com/bid/32894
https://exchange.xforce.ibmcloud.com/vulnerabilities/47458