User Profile Privilege Bypass in Drupal 4.5.0 - 4.5.5 and 4.6.0 - 4.6.3
CVE-2005-3974 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:P/A:N
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Learn more about our User Device Pen Test.