CVE-2008-4793
Description
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation via contributed modules, potentially leading to unauthorized access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation via contributed modules, potentially leading to unauthorized access.
Vulnerability
The node module API in Drupal 5.x before 5.11 contains a weakness that allows node validation to be bypassed under certain circumstances when contributed modules implement the API. This vulnerability only affects Drupal 5.x and only sites using a small number of contributed modules; none of the known contributed modules were found to be vulnerable, so the fix is a preventative measure. [2]
Exploitation
Remote attackers can exploit this vulnerability by sending crafted requests that bypass node validation. The exact vectors are unknown, but the advisory classifies the vulnerability as exploitable from remote without requiring authentication. [2]
Impact
Successful exploitation allows attackers to bypass node validation, potentially leading to unauthorized access to or modification of content. The impact is unspecified but could include data disclosure or integrity compromise. [2]
Mitigation
The vulnerability is fixed in Drupal 5.11, released on 2008-October-8. No workaround is available; upgrading to the latest version is recommended. [2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/drupalPackagist | >= 5.0, < 5.11 | 5.11 |
Affected products
16cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*range: <=5.10
- cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- drupal.org/node/318706nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-ph2j-5hxq-gxrrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-4793ghsaADVISORY
- www.openwall.com/lists/oss-security/2008/10/21/7nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/45763nvdWEB
- web.archive.org/web/20090302033759/http://secunia.com/advisories/32200ghsaWEB
- secunia.com/advisories/32200nvd
News mentions
0No linked articles in our index yet.