Описание
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_hierarchy_module:5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_hierarchy_module:6:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.002
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
EPSS
Процентиль: 43%
0.002
Низкий
5 Medium
CVSS2
Дефекты
CWE-264