Описание
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-2352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59515
- http://drupal.org/node/829566
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043100.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043172.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043191.html
- http://osvdb.org/65615
- http://secunia.com/advisories/40243
- http://secunia.com/advisories/40318
- http://www.vupen.com/english/advisories/2010/1546
Связанные уязвимости
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
The Node Reference module in Content Construction Kit (CCK) module 5.x ...