Lucene search
GitHub Advisory DatabaseGHSA-7V68-3PR5-H3CRHistoryMay 15, 2024 - 8:37 p.m.
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
2024-05-1520:37:17
CWE-94
GitHub Advisory Database
github.com
2
drupal
core
insufficient
contextual links
validation
remote code execution
vulnerability
access
software
7 High
AI Score
Confidence
Low
The Contextual Links module doesnβt sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission βaccess contextual linksβ.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | lt | 8.6.2 | |
| drupal/core | lt | 8.5.8 |
7 High
AI Score
Confidence
Low