CVE-2008-2271

2008-05-1612:54:00

CWE-269

[email protected]

web.nvd.nist.gov

site documentation

drupal

module

cve-2008-2271

vulnerability

database

access control

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.4%

JSON

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the “access content” permission to list tables and obtain session IDs from the database.

Affected configurations

NVD

Node

site_documentation_projectsite_documentationRange5.x-1.0–5.x-1.8drupal

site_documentation_projectsite_documentationRange6.x-1.0–6.x-1.1drupal

CPENameOperatorVersion
site_documentation_project:site_documentationsite documentation project site documentationlt5.x-1.8
site_documentation_project:site_documentationsite documentation project site documentationlt6.x-1.1

CPE	Name	Operator	Version
site_documentation_project:site_documentation	site documentation project site documentation	lt	5.x-1.8
site_documentation_project:site_documentation	site documentation project site documentation	lt	6.x-1.1