ID CVE-2008-1729
Summary The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 19-04-2021 - 20:59)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 28714
confirm http://drupal.org/node/244637
osvdb 44270
secunia 29762
vupen ADV-2008-1185
xf drupal-menusystem-security-bypass(41755)
Last major update 19-04-2021 - 20:59
Published 11-04-2008 - 19:05
Last modified 19-04-2021 - 20:59