Vulnerability Description
The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Site Documentation Project | Site Documentation | >= 5.x-1.0, < 5.x-1.8 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/258547Vendor Advisory
- http://secunia.com/advisories/30257Third Party Advisory
- http://www.securityfocus.com/bid/29242Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/1541/referencesThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42453Third Party AdvisoryVDB Entry
- http://drupal.org/node/258547Vendor Advisory
- http://secunia.com/advisories/30257Third Party Advisory
- http://www.securityfocus.com/bid/29242Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/1541/referencesThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42453Third Party AdvisoryVDB Entry
FAQ
What is CVE-2008-2271?
CVE-2008-2271 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list...
How severe is CVE-2008-2271?
CVE-2008-2271 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2271?
Check the references section above for vendor advisories and patch information. Affected products include: Site Documentation Project Site Documentation.