Description

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Remediation

References

CVE-2008-4790

Related Vulnerabilities

ownCloud Improper Input Validation Vulnerability (CVE-2020-28645)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)

WordPress Plugin WPGraphQL Denial of Service (1.3.5)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.37)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501)

Severity

Medium

Classification

CVE-2008-4790 CWE-264

Tags

Missing Update Known Vulnerabilities