CVE-2010-2353
CVE-2010-2353 is a vulnerability of currently unknown severity. The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes. EPSS estimates a 1.77% chance of exploitation in the next 30 days.
Description
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yves Chedemois | Cck | 6.x-1.0-alpha |
| Yves Chedemois | Cck | 6.x-1.x-dev |
| Yves Chedemois | Cck | 6.x-2.0 |
| Yves Chedemois | Cck | 6.x-2.1 |
| Yves Chedemois | Cck | 6.x-2.2 |
| Yves Chedemois | Cck | 6.x-2.3 |
| Yves Chedemois | Cck | 6.x-2.4 |
| Yves Chedemois | Cck | 6.x-2.5 |
| Yves Chedemois | Cck | 6.x-2.6 |
| Yves Chedemois | Cck | 6.x-2.x-dev |
| Yves Chedemois | Cck | 6.x-3.x-dev |
References
- http://secunia.com/advisories/40243 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
