Drupal 9.3.x < 9.3.12 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.18 or 9.3.x prior to 9.3.12. It is, therefore, affected by multiple vulnerabilities: - Drupal core's form API has a vulnerability where certain contributed or custom modules' form...

DRUPAL-CORE-2022-009

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

CVE-2007-4063

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

drupal -- Cross site request forgeries

The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...