User Profile Privilege Bypass in Drupal 4.5.0 - 4.5.5 and 4.6.0 - 4.6.3

User Profile Privilege Bypass in Drupal 4.5.0 - 4.5.5 and 4.6.0 - 4.6.3

CVE-2005-3974 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

Learn more about our User Device Pen Test.