CVE-2008-4789

medium

Description

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45755

http://www.openwall.com/lists/oss-security/2008/10/21/7

http://secunia.com/advisories/32198

http://drupal.org/node/318706

Details

Source: Mitre, NVD

Published: 2008-10-29

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N