CVE-2008-4790

medium

Description

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45758

http://www.openwall.com/lists/oss-security/2008/10/21/7

http://secunia.com/advisories/32200

http://secunia.com/advisories/32198

http://drupal.org/node/318706

Details

Source: Mitre, NVD

Published: 2008-10-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium