Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal 信任管理问题漏洞
Vulnerability Description
Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。 Drupal 5.19之前的5.x版本以及6.13之前的6.x版本存在信任管理问题漏洞,该漏洞源于未能合适的终止(sanitize)对包含一个可分类的表格的页的失败注册尝试。该表格把用户名和密码放置在链接里,而链接可以从(1)外面(external)网站(这些网站可以从链接中进行访问)的HTTP referer header中(2)Drupal page cache(当page caching被激活时)中读取。
CVSS Information
N/A
Vulnerability Type
N/A