Vulnerability Name: CVE-2008-4792 (CCN-45761)
Assigned: 2008-10-08
Published: 2008-10-08
Updated: 2018-11-02
Summary: The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
  4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE Type: CNA CVE-2008-4792
  Source: CCN Type: DRUPAL-SA-2008-060 Drupal core - Multiple vulnerabilities
  Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/318706
  Source: CCN Type: SA32201 Drupal User and BlogAPI Security Bypass Vulnerabilities
  Source: SECUNIA Type: Third Party Advisory 32201
  Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20081021 CVE req: drupal < 5.11/6.5
  Source: CCN Type: OSVDB ID: 49523 Drupal Core BlogAPI Module Internal Form Field Value Manipulation Remote Authentication Bypass
  Source: XF Type: Third Party Advisory, VDB Entry drupal-blogapi-security-bypass(45761)
  Source: XF Type: UNKNOWN drupal-blogapi-security-bypass(45761)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable