Description

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Remediation

References

CVE-2005-3974

Related Vulnerabilities

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3092)

WordPress Plugin RestroPress-Online Food Ordering System Security Bypass (2.8.3)

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.2)

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981)

Severity

Medium

Classification

CVE-2005-3974

Tags

Missing Update Known Vulnerabilities