Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112482
HistoryJun 26, 2020 - 12:00 a.m.

Drupal 8.9.x < 8.9.1 Multiple Vulnerabilities

2020-06-2600:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multilple vulnerabilities :

  • A Cross-Site Request Forgery (CSRF) due to insufficient validation in the Drupal core Form API (CVE-2020-13663).

  • An arbitrary PHP code execution (CVE-2020-13664).

  • An access bypass due to insufficient validation in JSON:API PATCH requests (CVE-2020-13665).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Related

nessus 8
ibm 2
openvas 9
friendsofphp 6
cvelist 3
osv 11
github 3
ubuntucve 3
drupal 3
cve 3
veracode 2
prion 3
debiancve 3
debian 2
alpinelinux 1
fedora 3
nessus
nessus
Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities
2020-06-26 00:00:00
Drupal 7.x < 7.72 Multiple Vulnerabilities
2020-06-26 00:00:00
Drupal 9.0.x < 9.0.1 Multiple Vulnerabilities
2020-06-26 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)
2020-12-03 23:39:07
Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663)
2020-10-06 21:21:51
openvas
openvas
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Linux
2020-06-19 00:00:00
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Windows
2020-06-19 00:00:00
Drupal 7.x, 8.x, 9.x CSRF Vulnerability (SA-CORE-2020-004) - Linux
2020-06-19 00:00:00
friendsofphp
friendsofphp
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
1970-01-01 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
cvelist
cvelist
CVE-2020-13664
2021-05-05 14:56:39
CVE-2020-13665
2021-05-05 14:14:09
CVE-2020-13663
2021-06-11 15:07:25
osv
osv
Drupal Core Access bypass vulnerability
2022-05-24 17:49:27
BIT-drupal-2020-13663
2024-03-06 10:58:43
CVE-2020-13665
2021-05-05 15:15:08
github
github
Drupal Core Access bypass vulnerability
2022-05-24 17:49:27
Drupal Core Arbitrary PHP code execution vulnerability
2022-05-24 17:49:27
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
2022-05-24 19:05:06
ubuntucve
ubuntucve
CVE-2020-13665
2021-05-05 00:00:00
CVE-2020-13664
2021-05-05 00:00:00
CVE-2020-13663
2021-06-11 00:00:00
drupal
drupal
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
2020-06-17 00:00:00
Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
2020-06-17 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
2020-06-17 00:00:00
cve
cve
CVE-2020-13664
2021-05-05 15:15:00
CVE-2020-13665
2021-05-05 15:15:00
CVE-2020-13663
2021-06-11 16:15:00
veracode
veracode
Privilege Escalation
2021-05-08 11:56:25
Cross-Site Request Forgery (CSRF)
2020-06-19 04:54:09
prion
prion
Security feature bypass
2021-05-05 15:15:00
Remote code execution
2021-05-05 15:15:00
Cross site request forgery (csrf)
2021-06-11 16:15:00
debiancve
debiancve
CVE-2020-13665
2021-05-05 15:15:00
CVE-2020-13664
2021-05-05 15:15:00
CVE-2020-13663
2021-06-11 16:15:00
debian
debian
[SECURITY] [DSA 4706-1] drupal7 security update
2020-06-18 20:24:45
[SECURITY] [DLA 2263-1] drupal7 security update
2020-06-30 09:01:54
alpinelinux
alpinelinux
CVE-2020-13663
2021-06-11 16:15:00
fedora
fedora
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
[SECURITY] Fedora 31 Update: drupal7-7.72-1.fc31
2020-09-13 14:19:12
[SECURITY] Fedora 32 Update: drupal7-7.72-1.fc32
2020-09-13 14:28:32
JSON
Related for WEB_APPLICATION_SCANNING_112482
nessus8ibm2openvas9friendsofphp6cvelist3osv11github3ubuntucve3drupal3cve3veracode2prion3debiancve3debian2alpinelinux1fedora3