Exploit for Generation of Error Message Containing Sensitive Information in Drupal

Enumeration tool for CVE-2024-45440 by DividesByZer0 & c0d3Ninja...

📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. ============================================================================================================================================= | Title : Drupal 11.x-dev full Information Disclosure | |...

Drupal 11.x-dev - Full Path Disclosure

!/usr/bin/env python Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Version: 11.x-dev CVE:...

Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Active Check

Drupal is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Linux - Version Check

Drupal is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Windows - Version Check

Drupal is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2022-45440

The CVE-2022-45440 issue affects Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, where the FTP server processes symbolic links on external storage. A local attacker with administrator privileges can abuse this to access the device’s root filesystem by creating a symbolic link on a USB/external...

CVE-2021-45440

CVE-2021-45440 affects Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on‑prem). The issue is an unrelated privilege escalation via an impersonation vulnerability in the Security Server pipeline, allowing a local attacker who can run low‑privileged code to escalate to ...