Description

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

Remediation

References

CVE-2008-4791

Related Vulnerabilities

WordPress Plugin wpCentral Privilege Escalation (1.5.0)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37695)

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)

WordPress Plugin Media Search Enhanced SQL Injection (0.6.0)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643)

Severity

Medium

Classification

CVE-2008-4791 CWE-264

Tags

Missing Update Known Vulnerabilities