Description

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Remediation

References

CVE-2008-4790

Related Vulnerabilities

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.109)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6104)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8139)

Oracle Database Server CVE-2006-3703 Vulnerability (CVE-2006-3703)

WordPress Plugin WP Security Safe Cross-Site Request Forgery (2.2.2)

Severity

Medium

Classification

CVE-2008-4790 CWE-264

Tags

Missing Update Known Vulnerabilities