6.5 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.3%
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the “access user profiles” permission.
drupal.org/files/sa-2005-009/4.6.3.patch
drupal.org/files/sa-2005-009/advisory.txt
secunia.com/advisories/17824
secunia.com/advisories/18630
www.debian.org/security/2006/dsa-958
www.securityfocus.com/archive/1/418336/100/0/threaded
www.securityfocus.com/bid/15674
www.vupen.com/english/advisories/2005/2684