CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/258547	Vendor Advisory
http://secunia.com/advisories/30257	Third Party Advisory
http://www.securityfocus.com/bid/29242	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1541/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42453	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:site_documentation_project:site_documentation::::::drupal::*
	cpe:2.3:a:site_documentation_project:site_documentation::::::drupal::*

Information

Published : 2008-05-16 05:54

Updated : 2021-04-19 13:58

NVD link : CVE-2008-2271

Mitre link : CVE-2008-2271

JSON object : View

CWE

CWE-269

Improper Privilege Management

Advertisement

Products Affected

site_documentation_project

site_documentation

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://drupal.org/node/258547", "name": "http://drupal.org/node/258547", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/30257", "name": "30257", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/29242", "name": "29242", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/1541/references", "name": "ADV-2008-1541", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42453", "name": "site-access-content-info-disclosure(42453)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the \"access content\" permission to list tables and obtain session IDs from the database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2271", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-05-16T12:54Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:site_documentation_project:site_documentation:*:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.x-1.8", "versionStartIncluding": "5.x-1.0"}, {"cpe23Uri": "cpe:2.3:a:site_documentation_project:site_documentation:*:*:*:*:*:drupal:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.x-1.1", "versionStartIncluding": "6.x-1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-19T20:58Z"}