CVE-2005-3974

Sažetak

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Reference

http://drupal.org/files/sa-2005-009/4.6.3.patch
http://drupal.org/files/sa-2005-009/advisory.txt
http://secunia.com/advisories/17824
http://secunia.com/advisories/18630
http://www.debian.org/security/2006/dsa-958
http://www.securityfocus.com/archive/1/418336/100/0/threaded
http://www.securityfocus.com/bid/15674
http://www.vupen.com/english/advisories/2005/2684

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:39

Objavljeno

03-12-2005 - 19:03