Lucene search

[email protected]NVD:CVE-2008-3745

HistoryAug 27, 2008 - 3:21 p.m.

CVE-2008-3745

2008-08-2715:21:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

62.3%

JSON

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

Affected configurations

Nvd

Node

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupalupload_module

References

drupal.org/node/295053

secunia.com/advisories/31825

www.securityfocus.com/bid/30689

www.vupen.com/english/advisories/2008/2392

bugzilla.redhat.com/show_bug.cgi?id=459108

exchange.xforce.ibmcloud.com/vulnerabilities/44458

www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

62.3%

JSON

Related for NVD:CVE-2008-3745

ubuntucve1 prion1 cve1 cvelist1 fedora1 nessus3 openvas4 freebsd1