Description

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

Remediation

References

CVE-2008-4791

Related Vulnerabilities

WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)

WordPress Plugin Catch Themes Demo Import Arbitrary File Upload (1.7)

WordPress Plugin Easy Updates Manager Privilege Escalation (8.0.4)

WordPress Plugin WishList Member X SQL Injection (3.25.1)

Oracle Application Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Severity

Medium

Classification

CVE-2008-4791 CWE-264

Tags

Missing Update Known Vulnerabilities