PT-2008-3763 · Drupal · Drupal Site Documentation Module

Published

2008-05-16

Updated

2021-04-19

CVE-2008-2271

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: The Site Documentation Drupal module versions 5.x before 5.x-1.8 The Site Documentation Drupal module versions 6.x before 6.x-1.1

Description: The issue allows remote authenticated users to gain privileges of other users. This is achieved by leveraging the access content permission to list tables and obtain session IDs from the database.

Recommendations: For versions 5.x before 5.x-1.8, update to version 5.x-1.8 or later. For versions 6.x before 6.x-1.1, update to version 6.x-1.1 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2008-2271

Affected Products

Drupal Site Documentation Module

PT-2008-3763 · Drupal · Drupal Site Documentation Module

CVE-2008-2271

Weakness Enumeration

Related Identifiers

Affected Products

References · 6