Lucene search

[email protected]CVE-2008-2271

HistoryMay 16, 2008 - 12:54 p.m.

CVE-2008-2271

2008-05-1612:54:00

CWE-269

[email protected]

web.nvd.nist.gov

site documentation

drupal

module

cve-2008-2271

vulnerability

database

access control

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the “access content” permission to list tables and obtain session IDs from the database.

Affected configurations

NVD

Node

site_documentation_projectsite_documentationRange5.x-1.0–5.x-1.8drupal

site_documentation_projectsite_documentationRange6.x-1.0–6.x-1.1drupal

CPENameOperatorVersion
site_documentation_project:site_documentationsite documentation project site documentationlt5.x-1.8
site_documentation_project:site_documentationsite documentation project site documentationlt6.x-1.1

CPE	Name	Operator	Version
site_documentation_project:site_documentation	site documentation project site documentation	lt	5.x-1.8
site_documentation_project:site_documentation	site documentation project site documentation	lt	6.x-1.1

References

drupal.org/node/258547

secunia.com/advisories/30257

www.securityfocus.com/bid/29242

www.vupen.com/english/advisories/2008/1541/references

exchange.xforce.ibmcloud.com/vulnerabilities/42453

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2008-2271

nessus1 prion1 nvd1 cvelist1