Description

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Remediation

References

CVE-2008-4790

Related Vulnerabilities

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.17)

Severity

Medium

Classification

CVE-2008-4790 CWE-264

Tags

Missing Update Known Vulnerabilities