Description

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

Remediation

References

CVE-2008-4791

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)

WordPress Plugin WP to Twitter Cross-Site Scripting (3.0.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42113)

TCExam Missing Authorization Vulnerability (CVE-2023-6554)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Cross-Site Scripting (5.0.6)

Severity

Medium

Classification

CVE-2008-4791 CWE-264

Tags

Missing Update Known Vulnerabilities