The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-10-29 15:31
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4790
Mitre link : CVE-2008-4790
CVE.ORG link : CVE-2008-4790
JSON object : View
Products Affected
drupal
- drupal
CWE
CWE-264
Permissions, Privileges, and Access Controls