6 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-25277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent...
CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
CVE-2022-25277
CVE-2022-25277 concerns Drupal core file upload sanitization. The issue arises when a site allows uploading files with an htaccess extension and the two protections (sanitizing dangerous extensions and stripping leading/trailing dots) do not interact correctly, potentially bypassing default Drupa...
CVE-2022-25277
creationtimestamp| type| source
---|---|---
2022-07-25 08:03:21+00:00| seen| https://t.me/codebysec/6298
2022-07-25 15:27:02+00:00| seen| https://t.me/truesecator/3213
2022-07-31 01:47:01+00:00| seen| https://t.me/MrVGunz/360
2023-04-26 18:25:50+00:00| seen| https://t.me/cibsecurity/62896...
Drupal RCE Vulnerability (SA-CORE-2022-014) - Windows
Drupal is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
Vulnerabilities fixed in Drupal
Drupal developers have fixed multiple vulnerabilities in Drupal core. The vulnerabilities can lead to the following categories of damage: remote code execution; administrator/root permissions; access to sensitive data; increased user privileges; cross-site scripting (XSS). The vulnerability with...