The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2010-06-21 19:30
Updated : 2024-02-04 17:54
NVD link : CVE-2010-2353
Mitre link : CVE-2010-2353
CVE.ORG link : CVE-2010-2353
JSON object : View
Products Affected
yves_chedemois
- cck
drupal
- drupal
CWE
CWE-264
Permissions, Privileges, and Access Controls