27 matches found
Exploit for OS Command Injection in Gnu Bash
AppAssault Lab — Attacking Common Applications...
AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
The AI Automators module, a submodule of AI, enables you to create different automated tasks that fill out field data using LLM outputs. The module doesn't sufficiently sanitize input before passing it to the underlying shell as part of a command for execution, allowing an attacker to run arbitrar...
AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
The AI Automators module, a submodule of AI, enables you to create different automated tasks that fill out field data using LLM outputs. The module contains a potential PHP Object Injection vulnerability that, if combined with another exploit, could lead to Arbitrary File Deletion. It may be...
PT-2024-10138 · Drupal · Megamenu Framework
Name of the Vulnerable Software and Affected Versions: Megamenu Framework versions . Description: The issue is related to insufficient input validation in the Megamenu Framework module of the Drupal CMS, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: For...
PT-2024-10363 · Acquia · Acquia Dam
Name of the Vulnerable Software and Affected Versions: Acquia DAM versions 0.0.0 through 1.0.12; Acquia DAM versions 1.1.0 through 1.1.0-beta2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Acquia DAM module of the Drupal CMS system. This vulnerability...
Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Multiple Code Execution Flaws Found In PHP Programming Language
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext...
[SECURITY] Fedora 28 Update: drupal7-7.66-1.fc28
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit
Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released almost two months ago. Security researcher Troy...
400 popular Drupal based websites hacked to mine cryptocurrency
By Waqas. Vulnerability in Drupal CMS Converted Popular Websites into Monero mining. This is a post from HackRead.com. Read the original post: 400 popular Drupal based websites hacked to mine cryptocurrency...
Drupalgeddon Two.
New Drupal Vulnerability in Detail. By @aLLy. The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user to execute commands in the target system by means of a...
Critical Vulnerability in Drupal CMS Used for Cryptomining
By Uzair Amir For your information, Drupal is also an open-source content management This is a post from HackRead.com Read the original post: Critical Vulnerability in Drupal CMS Used for Cryptomining...
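Drupal 8 – CVE-2017-6926 Vulnerability Explained
Author: NSFOCUS (绿盟科技). Source: Recently, seven vulnerabilities were disclosed in the well-known Drupal CMS, including one critical vulnerability, CVE-2017-6926: users with permission to post comments can view content and comments they are not authorized to access, and can also add comments to that content. Last week NSFOCUS published the advisory "Drupal Will Release an Important Security Patch Next Week: Threat Warning Notice". This article analyzes the Drupal 8 – CVE-2017-6926 vulnerability in detail. CVE-2017-6926 vulnerability details: First, look at the advisory from the official Drupal site: users with permission to post comments can view content and comments they are not authorized to access, and can also add comments to this content. To trigger this vulnerability, the comment system must be enabled and the attacker must have permission to post comments...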
Drupal 8.x < 8.2.8 / 8.3.x < 8.3.1 Access Bypass Vulnerability (SA-CORE-2017-002)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.2.8 or 8.3.x prior to 8.3.1. It is, therefore, affected by an access bypass vulnerability due to an unspecified flaw when the RESTful Web Services (rest) module is enabled and the site...
Drupal CMS: source code security analysis report
Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Hardcoded Credentials; Using Insufficiently Random...
Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities
This bug in the function 'getimagesize' is multiple vulnerabilities in Drupal CMS. When you upload a NULL image size, the script can't read the image content and shows you some errors. The attacker can use this bug to get some important information like SQL info or disclosure of the full path of drupal...
Drupal Custom Publishing Options 6.x XSS
Vulnerability Report. Reported: January 3, 2012. Author: Justin C. Klein Keane. Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Custom...
Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities
No description provided by source. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link : http://drupal.org/download Vendor site : http://drupal.org Version : 7.12 and lower Tested on : Debian...
Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities
Exploit for php platform in category web applications. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date :...
Drupal 7.12 - Multiple Vulnerabilities
Drupal 7.12 - Multiple Vulnerabilities. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author :...