CVE-2008-4790

Publication date 29 October 2008

Last updated 24 July 2024


Ubuntu priority

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Read the notes from the security team

Status

Package Ubuntu Release Status
drupal5 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Fixed 5.10-1ubuntu1.1
8.04 LTS hardy
Fixed 5.7-1ubuntu1.2
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Not in release

Notes


mdeslaur

SA-2008-060