Drupal · Node Reference · CVE-2010-2352
**Name of the Vulnerable Software and Affected Versions**
Content Construction Kit (CCK) module versions 5.x before 5.x-1.11
Content Construction Kit (CCK) module versions 6.x before 6.x-2.7
**Description**
The issue concerns the Node Reference module in the Content Construction Kit (CCK) module for Drupal. It does not perform access checks before displaying referenced nodes, allowing remote attackers to read controlled nodes.
**Recommendations**
For versions 5.x before 5.x-1.11, update to version 5.x-1.11 or later.
For versions 6.x before 6.x-2.7, update to version 6.x-2.7 or later.