Vulnerability Description
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unleashedmind | Img Assist | 5.x-1.0 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/520564PatchVendor Advisory
- http://osvdb.org/55867
- http://secunia.com/advisories/35879Vendor Advisory
- http://www.securityfocus.com/bid/35710Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51787
- http://drupal.org/node/520564PatchVendor Advisory
- http://osvdb.org/55867
- http://secunia.com/advisories/35879Vendor Advisory
- http://www.securityfocus.com/bid/35710Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51787
FAQ
What is CVE-2009-4558?
CVE-2009-4558 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly ...
How severe is CVE-2009-4558?
CVE-2009-4558 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4558?
Check the references section above for vendor advisories and patch information. Affected products include: Unleashedmind Img Assist, Drupal Drupal.