Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-2704

Malware in sbrugna...

7.5CVSS7.4AI score0.01598EPSS
Exploits0References7
Veracode
Veracode
added 2022/08/08 7:29 a.m.25 views

Information Disclosure

drupal/core is vulnerable to information disclosure. The vulnerability exists due to a lack of input validation in the ImageStyleDownloadController.php as it only restricts access to non-public files if stored in the private file directory, allowing an attacker to gain access to additional files ...

7.5CVSS7AI score0.00667EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/11/15 5:15 p.m.22 views

Design/Logic Flaw

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied...

5CVSS6.9AI score0.01598EPSS
Exploits0References6Affected Software4
Debian CVE
Debian CVE
added 2019/11/15 4:21 p.m.50 views

CVE-2011-2726

Removed by vendor...

7.5CVSS7.5AI score0.01598EPSS
Exploits0
Drupal
Drupal
added 2011/07/27 12:0 a.m.506 views

SA-CORE-2011-003 - Drupal core - Access bypass

CVE: CVE-2011-2726 Access bypass in private file fields on comments. Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory. If a Drupal site is using these...

7.5CVSS7.8AI score0.01598EPSS
Exploits0References10
Rows per page
Query Builder