Description

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."

Remediation

References

CVE-2005-1871

Related Vulnerabilities

silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5087)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2011-0419)

WordPress Plugin WooCommerce Multi Currency-Currency Switcher Security Bypass (2.1.17)

Oracle Database Server Other Vulnerability (CVE-2002-0857)

WordPress Plugin Invite Anyone Security Bypass (1.3.14)

Severity

High

Classification

CVE-2005-1871

Tags

Missing Update Known Vulnerabilities