Описание
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
Ссылки
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:earl_dunovant:week:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.0:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.1:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.3:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.4:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.5:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.6:*:*:*:*:*:*:*
cpe:2.3:a:earl_dunovant:week:6.x-2.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00595
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
EPSS
Процентиль: 68%
0.00595
Низкий
5 Medium
CVSS2
Дефекты
CWE-264