PT-2010-3937 · Drupal · Node Reference+2

Marc Ferran

Published

2010-06-21

Updated

2017-08-17

CVE-2010-2352

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Content Construction Kit (CCK) module versions 5.x before 5.x-1.11 Content Construction Kit (CCK) module versions 6.x before 6.x-2.7

Description The issue concerns the Node Reference module in the Content Construction Kit (CCK) module for Drupal. It does not perform access checks before displaying referenced nodes, allowing remote attackers to read controlled nodes.

Recommendations For versions 5.x before 5.x-1.11, update to version 5.x-1.11 or later. For versions 6.x before 6.x-2.7, update to version 6.x-2.7 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-2352

Affected Products

Content Construction Kit

Drupal

Node Reference

PT-2010-3937 · Drupal · Node Reference+2

CVE-2010-2352

Weakness Enumeration

Related Identifiers

Affected Products

References · 10