PT-2008-3270 · Drupal · Drupal
Published: 2008-04-11 · Updated: 2021-04-19 · CVE-2008-1729
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Drupal versions prior to 6.2
Description
The issue affects the menu system, allowing remote attackers to edit profile pages of arbitrary users and obtain sensitive information from tracker and blog pages due to a missing check for the access content permission. Additionally, remote authenticated users with administration page view access can edit content types.
Recommendations
For versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to administration pages and sensitive user information until the update can be applied.
Fix
Related Identifiers
Affected Products
Drupal