Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Project多个模块权限许可漏洞
Vulnerability Description
Drupal Project 模块版本5.x-1.0, 4.7.x-2.3, 和 4.7.x-1.3 以及 Project issue tracking 模块 5.x-1.0, 4.7.x-2.4, 和 4.7.x-1.4版本之前的版本没有适当地实施许可,这会允许远程攻击者 to (1)可以借助Tracker 模块和Recent posts页获得敏感信息; (2)可以借助未明向量获得程序名; (3) 可以借助静态页获得敏感信息; 和(4)读取CVS 程序活动。
CVSS Information
N/A
Vulnerability Type
N/A