Описание
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:feeds_project:feeds:7.x-2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:feeds_project:feeds:7.x-2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:feeds_project:feeds:7.x-2.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:feeds_project:feeds:7.x-2.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:feeds_project:feeds:7.x-2.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:feeds_project:feeds:7.x-2.x:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
EPSS
Процентиль: 43%
0.00208
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-264