CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
References
Link Resource
http://www.openwall.com/lists/oss-security/2008/10/21/7 Mailing List Third Party Advisory
http://drupal.org/node/318706 Patch Vendor Advisory
http://secunia.com/advisories/32201 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45761 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Information

Published : 2008-10-29 03:31

Updated : 2018-11-02 01:18


NVD link : CVE-2008-4792

Mitre link : CVE-2008-4792

Products Affected
No products.
CWE