Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-4389

EPSS 0.21% · P43
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-4389

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Drupal Open Graph Importer模块权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Open Graph Importer(og_tag_importer)是其中的一个支持后端管理员或者其他用户从其他网站使用开放图形meta标签导入内容的模块。 Drupal Open Graph Importer模块7.x-1.x版本中存在安全漏洞,该漏洞源于程序没有正确检查内容类型(导入内容时创建)的‘create’权限。远程攻击者可利用该漏洞以‘import og_tag_importer’权限绕过既定的限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2015-4389

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2015-4389

登录查看更多情报信息。

Same Patch Batch · n/a · 2015-06-15 · 67 CVEs total

CVE-2015-4373Drupal OG tabs模块跨站脚本漏洞
CVE-2015-4394Drupal Services模块权限许可和访问控制漏洞
CVE-2015-4393Drupal Services模块安全漏洞
CVE-2015-4392Drupal Display Suite模块跨站脚本漏洞
CVE-2015-4380Drupal Linear Case模块跨站脚本漏洞
CVE-2015-4379Drupal Webform Multiple File Upload模块跨站请求伪造漏洞
CVE-2015-4378Drupal Crumbs模块跨站脚本漏洞
CVE-2015-4377Drupal Petition模块跨站脚本漏洞
CVE-2015-4376Drupal Profile2 Privacy模块跨站脚本漏洞
CVE-2015-4375Drupal Chaos tool suite模块信息泄露漏洞
CVE-2015-4381Drupal Invoice模块跨站脚本漏洞
CVE-2015-4372Drupal Image Title模块跨站脚本漏洞
CVE-2015-4371Drupal Perfecto模块开放重定向漏洞
CVE-2015-4370Drupal Site Documentation模块跨站脚本漏洞
CVE-2015-4369Drupal Trick Question模块跨站脚本漏洞
CVE-2015-4368Drupal Commerce Ogone模块权限许可和访问控制漏洞
CVE-2015-4367Drupal Simple Subscription模块跨站脚本漏洞
CVE-2015-4366Drupal Mover模块跨站脚本漏洞
CVE-2015-4365Drupal Taxonomy Accordion模块跨站脚本漏洞
CVE-2015-4364Drupal Campaign Monitor模块跨站请求伪造漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2015-4389

No comments yet

Leave a comment