Drupal Node Access User Reference模块访问绕过漏洞

Bugtraq ID:60211 CVE ID:CVE-2013-2123 Drupal是一个基于PHP语言编写的开发型CMF（内容管理框架）。 Drupal Node Access User Reference模块允许对坐着，引用用户和非引用用户分配不同的访问权限。当作者创建包含用户引用字段的内容，并坐着用户账户不就被删除后，该作者创建的内容可被匿名用户编辑。 0 Drupal Node Access User Reference 6.x Drupal Node Access User Reference 7.x 厂商解决方案 Drupal Node Access User...

SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

This module allows different access permissions to be given to authors, referenced users and non-referenced users. When an author has created content containing a user reference field with author update/delete grants enabled and the author's user account is later deleted, content created by them...

SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass

Node Access User Reference enables administrators to automatically grant node access view, update, or delete to a node where the user is referenced by CCK user reference. When such a field is saved with an empty value, Node Access User Reference mistakes this for a reference to the anonymous user...