Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Token Insert Entity模块信息泄露漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Token Insert Entity是其中的一个提供了为已打开的实体或节点嵌入标记的模块。 Drupal Token Insert Entity模块7.x-1.1之前7.x-1.x版本中存在安全漏洞,该漏洞源于程序没有正确检查权限。远程攻击者可通过插入特制的令牌(可将渲染实体嵌入主节点),利用该漏洞以特定的权限绕过既定的访问限制,获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A