CVE-2008-4792

medium

Description

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45761

http://www.openwall.com/lists/oss-security/2008/10/21/7

http://secunia.com/advisories/32201

http://drupal.org/node/318706

Details

Source: Mitre, NVD

Published: 2008-10-29

Updated: 2018-11-02

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium