Vulnerability Details : CVE-2008-1729
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Exploit prediction scoring system (EPSS) score for CVE-2008-1729
Probability of exploitation activity in the next 30 days: 0.55%
Percentile, the proportion of vulnerabilities that are scored at or less: ~77%
CVSS scores for CVE-2008-1729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST |
References for CVE-2008-1729
- http://drupal.org/node/244637 (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/28714 (Patch; Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41755 (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2008/1185/references (Third Party Advisory)
Products affected by CVE-2008-1729
- cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*