CVE-2008-1729
First published: Fri Apr 11 2008(Updated: )
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal | >=6.0<6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-1729?
CVE-2008-1729 has a moderate severity rating due to potential unauthorized access and information disclosure.
How do I fix CVE-2008-1729?
To fix CVE-2008-1729, upgrade Drupal to version 6.2 or later to apply the necessary security patches.
What are the implications of CVE-2008-1729?
CVE-2008-1729 allows attackers to edit user profile pages and access sensitive content due to inadequate permissions checks.
Which versions of Drupal are affected by CVE-2008-1729?
CVE-2008-1729 affects Drupal versions prior to 6.2.
Who can exploit CVE-2008-1729?
Remote attackers can exploit CVE-2008-1729 if they have the ability to access the affected Drupal site.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/drupal
- canonical/drupal
- version/drupal/6.0