Description

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

Remediation

References

CVE-2008-4789

Related Vulnerabilities

WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)

WordPress Plugin Slideshow Gallery LITE Multiple Unspecified Vulnerabilities (1.5.3.3)

WordPress Plugin AMP extensions Cross-Site Scripting (1.1)

WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10382)

Severity

Medium

Classification

CVE-2008-4789 CWE-264

Tags

Missing Update Known Vulnerabilities