Description

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

Remediation

References

CVE-2008-1729

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.13.39)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35415)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.25)

WordPress Plugin iPanorama 360 WordPress Virtual Tour Builder Cross-Site Scripting (1.6.21)

WordPress Plugin AmazonFeed Cross-Site Scripting (2.1)

Severity

Medium

Classification

CVE-2008-1729

Tags

Missing Update Known Vulnerabilities