CVE-2006-1228

Drupal <4.5.8, <4.6 - Privilege Escalation

Title source: llm

Description

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

References (9)

[Patch, Vendor Advisory] http://drupal.org/node/53805

[Patch, Vendor Advisory] http://secunia.com/advisories/19245

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25205

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/427589/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17104

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1007

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23911

[Third Party Advisory] http://secunia.com/advisories/19257

[Third Party Advisory] http://securityreason.com/securityalert/580

Scores

EPSS 0.0217

EPSS Percentile 84.1%

Classification

CWE

CWE-287

Status draft

Affected Products (6)

drupal/drupal

Timeline

Published Mar 14, 2006

Tracked Since Feb 18, 2026