Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Amazon AWS模块安全漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Amazon AWS是其中的一个与亚马逊网络服务(AWS)集成的模块。 Drupal Amazon AWS模块7.x-1.3之前版本中存在安全漏洞,该漏洞源于程序使用基础的URL和AWS访问密钥生成访问令牌。远程攻击者可借助特制的URL利用该漏洞猜出令牌值,并创建备份。
CVSS Information
N/A
Vulnerability Type
N/A