8 matches found
EUVD-2011-4877
Malware in sbrugna...
EUVD-2012-2072
Malware in sbrugna...
Detection of Error Condition Without Action
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to a bug in the CKEditor 5 module that incorrectly handles image uploads. An...
Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site. The issue is mitigated by the fact that several non-defau...
Server side request forgery (ssrf)
hookfiledownload in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request...
Chamillo LMS 1.11.8 - Arbitrary File Upload
Chamillo LMS 1.11.8 - Arbitrary File Upload Exploit Title: Chamillo LMS 1.11.8 - Arbitrary File Upload Google Dork: "powered by chamilo" Date: 2018-10-05 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://chamilo.org/en/download/ Version: Chamilo 1.11.8 or lower to 1.8...
CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text...
CVE-2012-2067
The CVE-2012-2067 entry covers Drupal CKEditor/FCKeditor modules (CKEditor 6.x-1.x before 6.x-1.9; CKEditor 7.x-1.x before 7.x-1.7; FCKeditor 6.x-2.x before 6.x-2.3) when the core PHP module is enabled. The root cause is improper handling of the text filter parameter that allows remote authent...