CVE-2008-4793: Drupal Node Validation Bypass in the node module API

CVSS Score: 7.5

Basic Information

EPSS Score: 0.50239%
Published: 5/17/2022
Updated: 2/9/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/drupal | composer | >= 5.0, < 5.11 | 5.11 |

Vulnerability Intelligence
Root Cause Analysis

The provided vulnerability reports (CVE-2008-4793/GHSA-ph2j-5hxq-gxrr) describe a node validation bypass in Drupal 5.x's core node module but do not specify the exact vulnerable functions or attack vectors. The lack of commit diffs, patch details, or concrete code examples in the advisory materials makes it impossible to identify specific functions with high confidence. While the node_save() function and related validation hooks are plausible candidates given the nature of the vulnerability, there is insufficient evidence in the provided data to confirm their involvement. The advisory explicitly states that the vectors are 'unknown' and relate to contributed modules' interaction with the API, which further complicates precise identification without additional technical details.

WAF Protection Rules

WAF Rule

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
