The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-06-21T19:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2010-06-21T00:00:00
Link: CVE-2010-2353
JSON object: View
NVD Information
Status : Modified
Published: 2010-06-21T19:30:02.180
Modified: 2017-08-17T01:32:42.540
Link: CVE-2010-2353
JSON object: View
Redhat Information
No data.
CWE