📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. ============================================================================================================================================= | Title : Drupal 11.x-dev full Information Disclosure | |...

📄 Drupal 11.x-dev Path Disclosure

Drupal version 11.x-dev suffers from a path disclosure vulnerability. !/usr/bin/env python Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

GHSA-MG8J-W93W-XJGC Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

Summary: CVE-2024-45440 affects Drupal 11.x-dev, where core/authorize.php can disclose full file paths when hash_salt is set to file_get_contents of a non-existent file. Affected components: Drupal 11.x-dev, core/authorize.php. Root cause (as stated): hash_salt evaluated via file_get_contents of ...