Vulnerability Details : CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2008-3745
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3745
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
8.0
|
4.9
|
[email protected] |
CWE ids for CVE-2008-3745
-
Assigned by: [email protected] (Primary)
References for CVE-2008-3745
- http://drupal.org/node/295053
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
- http://www.vupen.com/english/advisories/2008/2392
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44458
- http://www.securityfocus.com/bid/30689
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
Products affected by CVE-2008-3745
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:upload_module:*:*:*:*:*:*:*:*