漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
Vulnerability Description
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal 安全漏洞
Vulnerability Description
Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。 Drupal存在安全漏洞,该漏洞源于文件下载工具无法充分清理文件路径,导致用户获得私有文件的访问权限。受影响的产品和版本:Drupal 7版本,Drupal 9.4版本,Drupal 9.5版本,Drupal 10.0版本。
CVSS Information
N/A
Vulnerability Type
N/A