Drupal 7.x < 7.57 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...

Drupal 8.x < 8.4.5 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...

Drupal 8.5.x < 8.5.0-rc1 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...

CVE-2017-6930

Summary (grounded): CVE-2017-6930 affects Drupal 8.4.x prior to 8.4.5 where, on multilingual sites using node access controls, the untranslated node is incorrectly treated as the default fallback for access queries. This can enable an access bypass. The issue is limited to sites that use the Cont...

Drupal 8.x < 8.4.5 Multiple Vulnerabilities (SA-CORE-2018-001)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not...