5
CVE-2010-2353
- EPSS 0.68%
- Published 21.06.2010 19:30:02
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
Data is provided by the National Vulnerability Database (NVD)
Yves Chedemois ≫ Cck Version6.x-1.0-alpha
Yves Chedemois ≫ Cck Version6.x-1.x-dev
Yves Chedemois ≫ Cck Version6.x-2.0
Yves Chedemois ≫ Cck Version6.x-2.0 Updatebeta
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc1
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc10
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc2
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc3
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc4
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc5
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc6
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc7
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc8
Yves Chedemois ≫ Cck Version6.x-2.0 Updaterc9
Yves Chedemois ≫ Cck Version6.x-2.1
Yves Chedemois ≫ Cck Version6.x-2.2
Yves Chedemois ≫ Cck Version6.x-2.3
Yves Chedemois ≫ Cck Version6.x-2.4
Yves Chedemois ≫ Cck Version6.x-2.5
Yves Chedemois ≫ Cck Version6.x-2.6
Yves Chedemois ≫ Cck Version6.x-2.x-dev
Yves Chedemois ≫ Cck Version6.x-3.x-dev
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.709 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|