CVE-2010-2353
CVE-2010-2353 affects the Drupal Content Construction Kit (CCK) Node Reference module for Drupal 6.x prior to 6.x-2.7. The backend URL used by the autocomplete widget does not perform field‑level access checks on the source field, allowing remote attackers to discover titles and IDs of nodes the ...