drupal6

2008-10-10

Page content

Author: Miklos Vajna
Vulnerable: 6.4-1
Unaffected: 6.5-1solaria1

A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to improper access restriction in the core upload module. This can be exploited to attach arbitrary files to content, without valid credentials. Successful exploitation requires that the core upload module is enabled.

Bug Tracker URL: http://bugs.frugalware.org/task/3393

CVEs:

No CVE, see http://drupal.org/node/318706