Description

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Remediation

References

CVE-2008-4790

Related Vulnerabilities

Oracle HTTP Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2015-2808)

Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8375)

PHP Numeric Errors Vulnerability (CVE-2015-2331)

Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)

Severity

Medium

Classification

CVE-2008-4790 CWE-264

Tags

Missing Update Known Vulnerabilities