Description

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Remediation

References

CVE-2005-3974

Related Vulnerabilities

Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-2775)

WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)

Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2012-1160)

MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-43281)

YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092)

Severity

Medium

Classification

CVE-2005-3974

Tags

Missing Update Known Vulnerabilities