| VID |
21647 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The installed version of Drupal, according to its version number, has a privilege escalation vulnerability. Drupal is an open-source content management system written in PHP. Drupal versions 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2, and 4.6.0 could allow a remote authenticated attacker to gain elevated privileges, caused by improper handling of user-supplied input. If public registration is enabled, a remote attacker could exploit this vulnerability to gain administration privileges.
* Note: This check relies solely on the version number of the Drupal installation on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  * http://www.securityfocus.com/archive/1/401457
  * http://marc.theaimsgroup.com/?l=bugtraq&m=111782257601422&w=2
* Platforms Affected:
  * Drupal versions 4.4.0, 4.4.1 and 4.4.2
  * Drupal versions 4.5.0, 4.5.1 and 4.5.2
  * Drupal version 4.6.0
  * Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Drupal (4.4.3 or 4.5.3 or 4.6.1 or later), available from the Drupal Web site at http://drupal.org/project/drupal |
| Related URL |
CVE-2005-1871 (CVE) |
| Related URL |
13852 (SecurityFocus) |
| Related URL |
20891 (ISS) |
|