drupal-6.4-2AXS3

Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website.
Multiple vulnerabilities and weaknesses were discovered in Drupal.
File upload access bypass
A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only.
Access rules bypass
A deficiency in the user module allowed users who had been blocked by access rules to continue logging into the site under certain conditions.
BlogAPI access bypass
The BlogAPI module does not implement correct validation for certain content fields, allowing for values to be set for fields which would otherwise be inaccessible on an internal Drupal form.
Versions affected
* Drupal 5.x before version 5.11
* Drupal 6.x before version 6.5