Candidate: CVE-2008-4792
PublicDate: 2008-10-29 15:31:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4792
 http://drupal.org/node/318706
Description:
 The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does
 not properly validate unspecified content fields of an internal Drupal
 form, which allows remote authenticated users to bypass intended access
 restrictions via modified field values.
Ubuntu-Description:
Notes:
 mdeslaur> SA-2008-060
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_drupal5:
upstream_drupal5: released (5.11)
dapper_drupal5: DNE
gutsy_drupal5: needed (reached end-of-life)
hardy_drupal5: released (5.7-1ubuntu1.2)
intrepid_drupal5: released (5.10-1ubuntu1.1)
jaunty_drupal5: not-affected (5.15-1ubuntu1)
karmic_drupal5: not-affected (5.18-1.1ubuntu2)
devel_drupal5: DNE