Описание
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-2722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76148
- http://drupal.org/node/1618428
- http://drupal.org/node/1618430
- http://drupal.org/node/1619824
- http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
- http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
- http://secunia.com/advisories/48348
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82735
- http://www.securityfocus.com/bid/53835
EPSS
CVE ID
Связанные уязвимости
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
EPSS