Back to search
CVE-2012-2722
Published: Jun 27, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
x_refsource_CONFIRM
http://drupal.org/node/1618430
x_refsource_CONFIRM
82735
vdb-entry
x_refsource_OSVDB
53835
vdb-entry
x_refsource_BID
[oss-security] 20120613 Re: CVE Request for Drupal contributed modules
mailing-list
x_refsource_MLIST
nodeembed-selectembed-security-bypass(76148)
vdb-entry
x_refsource_XF
http://drupal.org/node/1618428
x_refsource_CONFIRM
48348
third-party-advisory
x_refsource_SECUNIA
http://drupal.org/node/1619824
x_refsource_MISC
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now