CVE-2005-3974

CVE-2005-3974

EPSS 1.7%

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://drupal.org/files/sa-2005-009/4.6.3.patch http://drupal.org/files/sa-2005-009/advisory.txt http://secunia.com/advisories/17824 http://secunia.com/advisories/18630 http://www.debian.org/security/2006/dsa-958 http://www.securityfocus.com/archive/1/418336/100/0/threaded http://www.securityfocus.com/bid/15674 http://www.vupen.com/english/advisories/2005/2684