Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Content Construction Kit模块Node Reference功能权限许可和访问控制漏洞
Vulnerability Description
Drupal是很著名的开源内容管理平台,仿照了blog程序模式,但比普通的blog更灵活,可以做各种网站的内容管理平台。 Drupal的Content Construction Kit (CCK) 模块的Node Reference功能模块在自动完成部件没有正确的执行源字段,远程攻击者可以借助此漏洞发现控制节点的标题和IDs。
CVSS Information
N/A
Vulnerability Type
N/A