Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Angrydonuts Chaos Tool Suite 模块多个远程访问控制漏洞
Vulnerability Description
Drupal是很著名的开源内容管理平台,仿照了blog程序模式,但比普通的blog更灵活,可以做各种网站的内容管理平台。 Drupal的Chaos Tool Suite (即CTools)模块的自动完成功能不进行访问限制,拥有访问内容权限的远程认证用户可利用q=ctools/autocomplete/node/的值和节点标题的第一个字符读取未发布节点的标题。
CVSS Information
N/A
Vulnerability Type
N/A