Description

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

Remediation

References

CVE-2008-4789

Related Vulnerabilities

WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery (4.7.2)

WordPress Plugin Contact Form by BestWebSoft Email Header Injection (3.83)

WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16219)

Oracle JRE CVE-2013-5809 Vulnerability (CVE-2013-5809)

Severity

Medium

Classification

CVE-2008-4789 CWE-264

Tags

Missing Update Known Vulnerabilities