N/A

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.

N/A

N/A

Drupal 信息泄露漏洞

Drupal是一个使用PHP编写的开放源码内容管理系统(CMS)。 Drupal 5.17版本之前的5.x版本和6.11版本之前的6.x版本中存在未明漏洞,当在 vbDrupal 5.17.0版本之前的版本运行时,用户协助式的远程攻击者通过欺骗受害人访问具有一个特制的URL的站点并引起格式数据被发送至一个由攻击者控制的战斗，以获得敏感信息。它可能与多个/字符有关，且该/字符没有适当地被includes/bootstrap.in处理过，例如运行搜索框。注意：该漏洞能进一步扩大到执行跨站请求伪造攻击。

N/A

N/A