Description

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

Remediation

References

CVE-2008-4789

Related Vulnerabilities

WordPress Plugin Analytics Remote Code Execution (1.7)

WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)

WordPress Plugin Related Sites 'guid' Parameter SQL Injection (2.1)

WordPress Plugin SEO SQUIRRLY Multiple Unspecified Vulnerabilities (6.1.4)

MySQL CVE-2021-35628 Vulnerability (CVE-2021-35628)

Severity

Medium

Classification

CVE-2008-4789 CWE-264

Tags

Missing Update Known Vulnerabilities