The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.
References
Link | Resource |
---|---|
http://drupal.org/node/520564 | Patch Vendor Advisory |
http://osvdb.org/55867 | |
http://secunia.com/advisories/35879 | Vendor Advisory |
http://www.securityfocus.com/bid/35710 | Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/51787 | |
http://drupal.org/node/520564 | Patch Vendor Advisory |
http://osvdb.org/55867 | |
http://secunia.com/advisories/35879 | Vendor Advisory |
http://www.securityfocus.com/bid/35710 | Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/51787 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://drupal.org/node/520564 - Patch, Vendor Advisory | |
References | () http://osvdb.org/55867 - | |
References | () http://secunia.com/advisories/35879 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/35710 - Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/51787 - |
Information
Published : 2010-01-04 21:30
Updated : 2024-11-21 01:09
NVD link : CVE-2009-4558
Mitre link : CVE-2009-4558
CVE.ORG link : CVE-2009-4558
JSON object : View
Products Affected
unleashedmind
- img_assist
drupal
- drupal
CWE
CWE-264
Permissions, Privileges, and Access Controls