13921 matches found

Exploit DB
added 2026/06/01 12:0 a.m., 44 views

Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection; Google Dork: N/A; Date: 2026-05-31; Exploit Author: cardosource; Vendor Homepage: https://www.drupal.org; Software Link: https://www.drupal.org/project/drupal; Version: Drupal Core 10.5.5; Tested on: Debian Linux Docker, PHP 8.2, Apache,...

CVSS 9.8, AI score 6, EPSS 0.33665
Exploits: 12

GithubExploit
added 2026/05/30 10:3 a.m., 101 views

Exploit for Improper Input Validation in Drupal

LAB 9-CVE-2018-7600 I. SYSTEM ANALYSIS Identify...

CVSS 9.8, AI score 7.5, EPSS 0.99993
Exploits: 46

Veracode
added 2026/05/30 8:55 a.m., 9 views

Missing Authorization

Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...

CVSS 9.8, AI score 5.4, EPSS 0.00342
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/05/29 8:41 a.m., 7 views

BIT-DRUPAL-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

CVSS 9.8, AI score 6.1, EPSS 0.33665
Exploits: 12, References: 3

EUVD
added 2026/05/29 12:38 a.m., 9 views

EUVD-2026-33229

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

CVSS 5.1, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 3

EUVD
added 2026/05/29 12:38 a.m., 8 views

EUVD-2026-33228

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

AI score 5.8, EPSS 0.00257
Exploits: 0, References: 2

NVD
added 2026/05/28 11:16 p.m., 7 views

CVE-2026-5343

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

CVSS 7.4, EPSS 0.00257
Exploits: 0, References: 1

NVD
added 2026/05/28 11:16 p.m., 10 views

CVE-2026-6816

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

CVSS 5.1, EPSS 0.00286
Exploits: 1, References: 3

CVE
added 2026/05/28 10:50 p.m., 11 views

CVE-2026-6816

Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...

CVSS 5.1, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/05/28 10:50 p.m., 10 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

CVSS 5.1, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 2

CVE
added 2026/05/28 10:48 p.m., 27 views

CVE-2026-5343

CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...

CVSS 7.4, AI score 5.8, EPSS 0.00257
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/05/28 12:0 a.m., 11 views

PT-2026-44707

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

CVSS 5.1, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 3

CNNVD
added 2026/05/28 12:0 a.m., 7 views

Drupal TFA Basic Plugins Security Vulnerability

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

CVSS 5.1, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 2

CNNVD
added 2026/05/28 12:0 a.m., 6 views

Drupal SAML SSO - Service Provider Security Vulnerability

Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...

CVSS 7.4, AI score 5.8, EPSS 0.00257
Exploits: 0, References: 2

OSV
added 2026/05/27 6:32 p.m., 6 views

DRUPAL-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

AI score 6
Exploits: 0, References: 1

GithubExploit
added 2026/05/27 10:26 a.m., 76 views

Exploit for SQL Injection in Drupal

python3 c...

CVSS 9.8, AI score 5.8, EPSS 0.33665
Exploits: 12

GithubExploit
added 2026/05/27 9:11 a.m., 79 views

Exploit for SQL Injection in Drupal

CVE-2026-9082 Passive checker for CVE-2026-9082 / SA-CORE-2...

CVSS 9.8, AI score 6.1, EPSS 0.33665
Exploits: 12

GithubExploit
added 2026/05/27 1:16 a.m., 99 views

Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...

CVSS 8.1, AI score 8, EPSS 0.91919
Exploits: 22

Positive Technologies
added 2026/05/27 12:0 a.m., 12 views

PT-2026-44164

Name of the Vulnerable Software and Affected Versions: Basket versions prior to 2.1.17. Description: The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

AI score 5.9
Exploits: 0, References: 3

Drupal
added 2026/05/27 12:0 a.m., 15 views

Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

AI score 6
Exploits: 0, References: 1