Description

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

Remediation

References

CVE-2008-3745

Related Vulnerabilities

MySQL CVE-2019-2801 Vulnerability (CVE-2019-2801)

Oracle JRE CVE-2019-2973 Vulnerability (CVE-2019-2973)

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)

Oracle Database Server CVE-2024-20903 Vulnerability (CVE-2024-20903)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3759)

Severity

Medium

Classification

CVE-2008-3745 CWE-264

Tags

Missing Update Known Vulnerabilities