Description

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

Remediation

References

CVE-2008-3745

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7744)

WordPress Plugin WP Print Friendly Cross-Site Scripting (0.6)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.6.8)

WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)

Severity

Medium

Classification

CVE-2008-3745 CWE-264

Tags

Missing Update Known Vulnerabilities