Описание
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-3974
- http://drupal.org/files/sa-2005-009/4.6.3.patch
- http://drupal.org/files/sa-2005-009/advisory.txt
- http://secunia.com/advisories/17824
- http://secunia.com/advisories/18630
- http://www.debian.org/security/2006/dsa-958
- http://www.securityfocus.com/archive/1/418336/100/0/threaded
- http://www.securityfocus.com/bid/15674
- http://www.vupen.com/english/advisories/2005/2684
EPSS
CVE ID
Связанные уязвимости
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PH ...
EPSS