Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2020 Greenbone AGOPENVAS:1361412562310144149
HistoryJun 19, 2020 - 12:00 a.m.

Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Windows

2020-06-1900:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
11

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Drupal is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:drupal:drupal";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.144149");
  script_version("2024-02-19T05:05:57+0000");
  script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
  script_tag(name:"creation_date", value:"2020-06-19 07:06:06 +0000 (Fri, 19 Jun 2020)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-05-14 18:10:00 +0000 (Fri, 14 May 2021)");

  script_cve_id("CVE-2020-13664", "CVE-2020-13665");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_drupal_http_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("drupal/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"Drupal is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Drupal is prone to multiple vulnerabilities:

  - Arbitrary PHP code execution (CVE-2020-13664)

  - Access bypass (CVE-2020-13665)");

  script_tag(name:"affected", value:"Drupal 8.8.x and earlier, 8.9.x and 9.0.x.");

  script_tag(name:"solution", value:"Update to version 8.8.8, 8.9.1, 9.0.1 or later.");

  script_xref(name:"URL", value:"https://www.drupal.org/sa-core-2020-005");
  script_xref(name:"URL", value:"https://www.drupal.org/sa-core-2020-006");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "^[0-9]\.[0-9]+"))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "8.0", test_version2: "8.8.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.8.8", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version == "8.9.0") {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.9.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version == "9.0.0") {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.0.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

ibm 1
openvas 1
nessus 5
cvelist 2
friendsofphp 4
osv 6
github 2
ubuntucve 2
drupal 2
cve 2
debiancve 2
veracode 1
prion 2
ibm
ibm
Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)
2020-12-03 23:39:07
openvas
openvas
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Linux
2020-06-19 00:00:00
nessus
nessus
Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities
2020-06-26 00:00:00
Drupal 8.9.x < 8.9.1 Multiple Vulnerabilities
2020-06-26 00:00:00
Drupal 7.x < 7.72 Multiple Vulnerabilities
2020-06-26 00:00:00
cvelist
cvelist
CVE-2020-13664
2021-05-05 14:56:39
CVE-2020-13665
2021-05-05 14:14:09
friendsofphp
friendsofphp
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
1970-01-01 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
1970-01-01 00:00:00
osv
osv
Drupal Core Access bypass vulnerability
2022-05-24 17:49:27
CVE-2020-13665
2021-05-05 15:15:08
BIT-drupal-2020-13664
2024-03-06 10:58:34
github
github
Drupal Core Access bypass vulnerability
2022-05-24 17:49:27
Drupal Core Arbitrary PHP code execution vulnerability
2022-05-24 17:49:27
ubuntucve
ubuntucve
CVE-2020-13665
2021-05-05 00:00:00
CVE-2020-13664
2021-05-05 00:00:00
drupal
drupal
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
2020-06-17 00:00:00
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
2020-06-17 00:00:00
cve
cve
CVE-2020-13664
2021-05-05 15:15:00
CVE-2020-13665
2021-05-05 15:15:00
debiancve
debiancve
CVE-2020-13665
2021-05-05 15:15:00
CVE-2020-13664
2021-05-05 15:15:00
veracode
veracode
Privilege Escalation
2021-05-08 11:56:25
prion
prion
Security feature bypass
2021-05-05 15:15:00
Remote code execution
2021-05-05 15:15:00

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON
Related for OPENVAS:1361412562310144149
ibm1openvas1nessus5cvelist2friendsofphp4osv6github2ubuntucve2drupal2cve2debiancve2veracode1prion2