← back
CVE-2005-3974

CVE-2005-3974

EPSS 1.7%
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupal.org/files/sa-2005-009/4.6.3.patchhttp://drupal.org/files/sa-2005-009/advisory.txthttp://secunia.com/advisories/17824http://secunia.com/advisories/18630http://www.debian.org/security/2006/dsa-958http://www.securityfocus.com/archive/1/418336/100/0/threadedhttp://www.securityfocus.com/bid/15674http://www.vupen.com/english/advisories/2005/2684