Description

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

Remediation

References

CVE-2008-3745

Related Vulnerabilities

Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5624)

WordPress Plugin WP Symposium Cross-Site Scripting (11.11.26)

WordPress Plugin WP Prayer Cross-Site Scripting (1.9.6)

Severity

Medium

Classification

CVE-2008-3745 CWE-264

Tags

Missing Update Known Vulnerabilities