6.5

CVE-2010-2473

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version >= 5.0 < 5.22
DrupalDrupal Version >= 6.0 < 6.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.drupal.org/node/731710
Patch
Vendor Advisory
https://www.openwall.com/lists/oss-security/2010/06/28/8
Third Party Advisory
Mailing List
https://security-tracker.debian.org/tracker/CVE-2010-2473
Third Party Advisory