3 matches found
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
Immunity Canvas: DRUPAL_SERVICES_RCE
Name| drupalservicesrce ---|--- CVE| CVE-2019-6340 Exploit Pack| CANVAS Description| CVE-2019-6340 Notes| CVE Name: CVE-2019-6340 VENDOR: Drupal NOTES: An unauthenticated unserialization bug can be exploited on the RESTful Web Services module on the Drupal core for the following versions: 7.X...
CVE-2019-6340 Drupal core - Highly critical - Remote Code Execution
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...