Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Angrydonuts Chaos Tool Suite 模块多个远程跨站请求伪造漏洞
Vulnerability Description
Drupal是很著名的开源内容管理平台,仿照了blog程序模式,但比普通的blog更灵活,可以做各种网站的内容管理平台。 Drupal的Chaos Tool Suite (即CTools)模块存在多个跨站请求伪造(CSRF)漏洞,远程攻击者可以劫持管理员对下述请求的认证:(1)以q=admin/build/pages/nojs/enable/的值激活某页面,或(2)以q=admin/build/pages/nojs/disable/的值禁用某页面。
CVSS Information
N/A
Vulnerability Type
N/A