Description

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

Remediation

References

CVE-2008-3745

Related Vulnerabilities

MongoDb Other Vulnerability (CVE-2013-2132)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16993)

WordPress Plugin OnePress Social Locker Multiple Cross-Site Scripting Vulnerabilities (4.2.0)

Drupal Cryptographic Issues Vulnerability (CVE-2013-6386)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (6.0.6)

Severity

Medium

Classification

CVE-2008-3745 CWE-264

Tags

Missing Update Known Vulnerabilities