Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal User Read-Only模块安全漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中的User Read-Only模块6.x-1.4之前的6.x-1.x版本和7.x-1.4之前的7.x-1.x版本中存在漏洞,该漏洞源于网站上有多于三个角色和某些未明配置,没有正确分配角色。远程认证攻击者利用该漏洞通过执行一定的操作(如更改密码),获得特权。
CVSS Information
N/A
Vulnerability Type
N/A