CVE-2005-3974
CVE-2005-3974
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://drupal.org/files/sa-2005-009/4.6.3.patchhttp://drupal.org/files/sa-2005-009/advisory.txthttp://secunia.com/advisories/17824http://secunia.com/advisories/18630http://www.debian.org/security/2006/dsa-958http://www.securityfocus.com/archive/1/418336/100/0/threadedhttp://www.securityfocus.com/bid/15674http://www.vupen.com/english/advisories/2005/2684