Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal revisioning模块权限许可和访问控制漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中的revisioning模块7.x-1.3之前的7.x-1.x版本中的‘hook_node_access’函数中存在漏洞,该漏洞源于调用检查其他用户的权限时,检查当前用户的权限。远程攻击者可利用该漏洞绕过目地访问限制,如使用XML网站地图模块获取有关未发布内容的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A