Description

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."

Remediation

References

CVE-2005-1871

Related Vulnerabilities

Drupal Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6922)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2986)

Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)

WordPress Plugin WP Lead Management Cross-Site Scripting (3.0.0)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)

Severity

High

Classification

CVE-2005-1871

Tags

Missing Update Known Vulnerabilities