The Node Reference module in Content Construction Kit (CCK) module 6.x prior to 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote malicious users to discover titles and IDs of controlled nodes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yves_chedemois cck 6.x-2.6 |
||
yves_chedemois cck 6.x-2.5 |
||
yves_chedemois cck 6.x-2.0 |
||
yves_chedemois cck 6.x-2.1 |
||
yves_chedemois cck 6.x-2.3 |
||
yves_chedemois cck 6.x-2.2 |
||
yves_chedemois cck 6.x-1.x-dev |
||
yves_chedemois cck 6.x-2.4 |
||
yves_chedemois cck 6.x-3.x-dev |
||
yves_chedemois cck 6.x-2.x-dev |
||
yves_chedemois cck 6.x-1.0-alpha |