Description

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Remediation

References

CVE-2005-3974

Related Vulnerabilities

Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)

WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.3.0)

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4121)

MySQL CVE-2022-21425 Vulnerability (CVE-2022-21425)

WordPress Plugin WordPress Books Gallery Cross-Site Request Forgery (4.4.8)

Severity

Medium

Classification

CVE-2005-3974

Tags

Missing Update Known Vulnerabilities