PT-2010-3938 · Drupal · Node Reference Module

Published: 2010-06-21 · Updated: 2017-08-17 · CVE-2010-2353

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Content Construction Kit (CCK) module versions 6.x before 6.x-2.7

Description

The Node Reference module in the CCK module for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget. This allows remote attackers to discover titles and IDs of controlled nodes.

Recommendations

For versions prior to 6.x-2.7, update to version 6.x-2.7 or later to resolve the issue.

Related Identifiers

CVE-2010-2353

Affected Products

Content Construction Kit (CCK) Module
Drupal
Node Reference Module