CVE-2008-4793: Drupal Node Validation Bypass in the node module API
7.5
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
drupal/drupal | composer | >= 5.0, < 5.11 | 5.11 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability reports (CVE-2008-4793/GHSA-ph2j-5hxq-gxrr) describe a node validation
bypass in Drupal 5.x
's core node module but do not specify the exact vulnerable functions
or attack vectors. The lack of commit diffs, patch details, or concrete code examples in the advisory materials makes it impossible to identify specific functions
with high confidence. While the node_save()
function and related validation
hooks are plausible candidates given the nature of the vulnerability, there is insufficient evidence in the provided data to confirm their involvement. The advisory explicitly states the vectors are 'unknown' and relates to contributed modules' interaction with the API
, further complicating precise identification without additional technical details.