7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.033 Low
EPSS
Percentile
91.3%
The Drupal team reports:
Vulnerability: SQL injection
A security vulnerability in the database layer allowed
certain queries to be submitted to the database without
going through Drupal’s query sanitizer.
Vulnerability: Execution of arbitrary files
Certain – alas, typical – configurations of Apache
allows execution of carefully named arbitrary scripts in
the files directory. Drupal now will attempt to
automatically create a .htaccess file in your “files”
directory to protect you.