Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RESTful Web Services 代码注入漏洞
Vulnerability Description
RESTful Web Services是一种架构风格,它指定约束(例如统一接口),如果将这些约束应用于 Web 服务,则会产生所需的属性,例如性能、可伸缩性和可修改性,从而使服务能够在 Web 上最佳运行。 RESTful Web Services 7.x-1.4之前的7.x-1.x版本和7.x-2.1之前的7.x-2.x版本存在代码注入漏洞。远程攻击者可通过特制的文本字段利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A