CVE-2008-4792

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2008/10/21/7", "name": "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://drupal.org/node/318706", "name": "http://drupal.org/node/318706", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/32201", "name": "32201", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45761", "name": "drupal-blogapi-security-bypass(45761)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4792", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-10-29T15:31Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.5", "versionStartIncluding": "6.0"}, {"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.11", "versionStartIncluding": "5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-02T13:18Z"}