Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Open Graph Importer模块权限许可和访问控制漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Open Graph Importer(og_tag_importer)是其中的一个支持后端管理员或者其他用户从其他网站使用开放图形meta标签导入内容的模块。 Drupal Open Graph Importer模块7.x-1.x版本中存在安全漏洞,该漏洞源于程序没有正确检查内容类型(导入内容时创建)的‘create’权限。远程攻击者可利用该漏洞以‘import og_tag_importer’权限绕过既定的限制。
CVSS Information
N/A
Vulnerability Type
N/A