CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/258547	Vendor Advisory
http://secunia.com/advisories/30257	Third Party Advisory
http://www.securityfocus.com/bid/29242	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1541/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42453	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:site_documentation_project:site_documentation::::::drupal::*
	cpe:2.3:a:site_documentation_project:site_documentation::::::drupal::*

History

No history.

Information

Published : 2008-05-16 12:54

Updated : 2024-02-28 11:21

NVD link : CVE-2008-2271

Mitre link : CVE-2008-2271

CVE.ORG link : CVE-2008-2271

JSON object : View

Products Affected

site_documentation_project

site_documentation

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2008-2271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-05-16T12:54:00.000", "references": [{"url": "http://drupal.org/node/258547", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30257", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29242", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1541/references", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42453", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the \"access content\" permission to list tables and obtain session IDs from the database."}, {"lang": "es", "value": "El m\u00f3dulo Site Documentation Drupal 5.x versiones anteriores a 5.x-1.8 y 6.x versiones anteriores a 6.x-1.1 permite a usuarios remotos autenticados conseguir privilegios de otros usuarios utilizando el permiso \"acceso a contenidos\" de la lista de tablas y obtener la sesi\u00f3n IDs de una base de datos."}], "lastModified": "2021-04-19T20:58:39.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:site_documentation_project:site_documentation:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "66B50EBE-BEB7-4C31-845A-D8D0FA155348", "versionEndExcluding": "5.x-1.8", "versionStartIncluding": "5.x-1.0"}, {"criteria": "cpe:2.3:a:site_documentation_project:site_documentation:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "9F070B6A-E3F5-41DE-B93B-A4FA793F21D1", "versionEndExcluding": "6.x-1.1", "versionStartIncluding": "6.x-1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}