Drupal Webform Template模块安全绕过漏洞

Drupal是一套开放源码的内容管理平台。 该漏洞是由于当显示可能的节点来复制网页表单的配置文件时，应用程序没有正确验证权限, 攻击者可以利用漏洞泄漏其他受限制接点的某些信息。 0 Drupal Webform Template Module 7.x Drupal Webform Template Module 7.x-1.3版本以修复此漏洞，建议用户下载使用： https://drupal.org/node/2216607...

SA-CONTRIB-2014-031 - Webform Template - Access Bypass

This module enables you to copy webform config from one node to another. The module doesn't respect node access when providing possible nodes to copy from. As a result, a user may be disclosed the titles of nodes he does not have view access to and as such he may be able to copy the webform...