Lucene search
DrupalCVELIST:CVE-2020-13664HistoryMay 05, 2021 - 2:56 p.m.
CVE-2020-13664
2021-05-0514:56:39
drupal
www.cve.org
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
CNA Affected
[
{
"product": "Drupal Core",
"vendor": "Drupal",
"versions": [
{
"lessThan": "8.8.8",
"status": "affected",
"version": "8.8.x",
"versionType": "custom"
},
{
"lessThan": "8.9.1",
"status": "affected",
"version": "8.9.x",
"versionType": "custom"
},
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.1",
"versionType": "custom"
}
]
}
]References
Related
friendsofphp
friendsofphp
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
debiancve
debiancve
CVE-2020-13664
2021-05-05 15:15:00
prion
prion
Remote code execution
2021-05-05 15:15:00
osv
osv
BIT-drupal-2020-13664
2024-03-06 10:58:34
Drupal Core Arbitrary PHP code execution vulnerability
2022-05-24 17:49:27
CVE-2020-13664
2021-05-05 15:15:08
github
github
Drupal Core Arbitrary PHP code execution vulnerability
2022-05-24 17:49:27
ubuntucve
ubuntucve
CVE-2020-13664
2021-05-05 00:00:00
cve
cve
CVE-2020-13664
2021-05-05 15:15:08
drupal
drupal
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
2020-06-17 00:00:00
nvd
nvd
CVE-2020-13664
2021-05-05 15:15:08
ibm
ibm
openvas
openvas
nessus
nessus
Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities
2020-06-26 00:00:00
Drupal 7.x < 7.72 Multiple Vulnerabilities
2020-06-26 00:00:00