Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Views Bulk Operations模块访问绕过漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Views Bulk Operations(VBO)是其中的一个用于在节点上更改视图的第三方模块。 Drupal VBO模块6.x-1.x版本和7.x-3.3之前7.x-3.x版本中存在安全漏洞。当程序使用bulk操作改变角色时,远程攻击者可通过访问开启了VBO的用户账户列表视图利用该漏洞编辑用户账户,或添加任意角色。
CVSS Information
N/A
Vulnerability Type
N/A