Lucene search
HistoryOct 29, 2008 - 3:31 p.m.
CVE-2008-4790
drupal
cve-2008-4790
upload module
remote authenticated users
access restrictions
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read “files attached to content” via unknown vectors.
Affected configurations
Node
drupaldrupalRange≤5.10
ORdrupaldrupalMatch5.0
ORdrupaldrupalMatch5.0beta1
ORdrupaldrupalMatch5.0beta2
ORdrupaldrupalMatch5.0rc1
ORdrupaldrupalMatch5.0rc2
ORdrupaldrupalMatch5.1
ORdrupaldrupalMatch5.2
ORdrupaldrupalMatch5.3
ORdrupaldrupalMatch5.4
ORdrupaldrupalMatch5.5
ORdrupaldrupalMatch5.6
ORdrupaldrupalMatch5.7
ORdrupaldrupalMatch5.8
ORdrupaldrupalMatch5.9
Related
ubuntucve
ubuntucve
CVE-2008-4790
2008-10-29 00:00:00
cvelist
cvelist
CVE-2008-4790
2008-10-29 15:00:00
prion
prion
Design/Logic Flaw
2008-10-29 15:31:00
nvd
nvd
CVE-2008-4790
2008-10-29 15:31:35
openvas
openvas
Drupal Core Multiple Vulnerabilities
2008-11-04 00:00:00
nessus
nessus
Drupal 5.x < 5.11 / 6.x < 6.5 Multiple Vulnerabilities (SA-2008-060)
2020-03-30 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%
Related for CVE-2008-4790