CVE-2005-3974 in Drupalinfo

Summary

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Once again VulDB remains the best source for vulnerability data.

Reservation

12/03/2005

Disclosure

12/03/2005

Moderation

VulDB entry created

Entries

1: VDB-27253

CPE

ready

CWE

CWE-80 (Confirmed)

CVSS

5.4

EPSS

0.00548

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-3974
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3974
CVE Details	https://www.cvedetails.com/cve/CVE-2005-3974/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!