The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes.
CPE | Name | Operator | Version |
---|---|---|---|
cck | eq | 5.x-1.0 beta | |
cck | eq | 5.120.11 | |
cck | eq | 5.120.12 | |
cck | eq | 5.120.13 | |
cck | eq | 5.120.17 | |
cck | eq | 5.x-1.x dev | |
cck | eq | 6.x-2.0 rc4 | |
cck | eq | 6.x-2.0 rc7 | |
cck | eq | 6.x-2.0 rc5 | |
cck | eq | 6.x-2.0 rc2 |
osvdb.org/65615
secunia.com/advisories/40243
secunia.com/advisories/40318
www.vupen.com/english/advisories/2010/1546
drupal.org/node/829566
exchange.xforce.ibmcloud.com/vulnerabilities/59515
lists.fedoraproject.org/pipermail/package-announce/2010-June/043100.html
lists.fedoraproject.org/pipermail/package-announce/2010-June/043172.html
lists.fedoraproject.org/pipermail/package-announce/2010-June/043191.html