CVE-2008-1729
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2008
Last modified:
09/04/2025
Description
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* | 6.0 (including) | 6.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://drupal.org/node/244637
- http://secunia.com/advisories/29762
- http://www.osvdb.org/44270
- http://www.securityfocus.com/bid/28714
- http://www.vupen.com/english/advisories/2008/1185/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41755
- http://drupal.org/node/244637
- http://secunia.com/advisories/29762
- http://www.osvdb.org/44270
- http://www.securityfocus.com/bid/28714
- http://www.vupen.com/english/advisories/2008/1185/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41755