The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2010-06-21 12:30
Updated : 2017-08-16 18:32
NVD link : CVE-2010-2353
Mitre link : CVE-2010-2353
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
yves_chedemois
- cck
drupal
- drupal