Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Advanced Forum模块权限许可和访问控制漏洞
Vulnerability Description
Drupal module Advanced Forum软件在关联注释格式被改变成管理员控制的输入格式后,并未阻止用户修改用户签名,这使得远程认证用户可以借助一个特制的用户签名注入任意的Web脚本、HTML以及可能PHP代码。受影响软件包括Drupal module Advanced Forum 6.x-1.1之前6.x版本。
CVSS Information
N/A
Vulnerability Type
N/A