6 matches found
Exploit for Deserialization of Untrusted Data in Drupal
This is a PoC exploit for CVE-2019-6340, a remote code execution...
Drupal 8.6.x < 8.6.15 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Several flaws exist in the third-party Symfony PHP framework.
- A flaw exists in the third-party jQuery JavaScript library.
Note that the scanner has not tested for these issues but...
Drupal 8.6.x < 8.6.10 Remote Code Execution Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 8.5.x prior to 8.5.11 or 8.6.x prior to 8.6.10. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of data from non-form sources. Note that the scanner...
Drupal 8.6.x < 8.6.10 RCE (SA-CORE-2019-003)
Drupal 8.6.x < 8.6.6 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- A flaw exists in the third-party PEAR ArchiveTar library.
- A flaw exists in PHP's built-in phar stream wrapper that could lead to a remote code execution when performing file...
Drupal 8.6.x < 8.6.0-beta2 Symfony Legacy HTTP Headers Vulnerability
According to its self-reported version number, the detected Drupal application is affected by a vulnerability in the Symfony library's support for the X-Original-URL and X-Rewrite-URL HTTP headers. Note that the scanner has not tested for these issues but has instead relied only on the application's...