
6 matches found

Prion
added 2023/04/26 3:15 p.m. | 23 views

Remote code execution

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...

CVSS 5.8 | AI score 7.4 | EPSS 0.01422
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/26 12:0 a.m. | 435 views

CVE-2022-25277

CVE-2022-25277 concerns Drupal core file upload sanitization. The issue arises when a site allows uploading files with an htaccess extension and the two protections (sanitizing dangerous extensions and stripping leading/trailing dots) do not interact correctly, potentially bypassing default Drupa...

CVSS 7.2 | AI score 7.3 | EPSS 0.01422
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2022/07/21 12:0 a.m. | 33 views

Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

CVSS 7.5 | AI score 7.8 | EPSS 0.01422
Exploits: 0 | References: 9
CISA
added 2019/12/19 12:0 a.m. | 10 views

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...

AI score 6.8
Exploits: 0 | References: 4
OpenVAS
added 2019/12/19 12:0 a.m. | 16 views

Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-009, SA-CORE-2019-010, SA-CORE-2019-011) - Windows

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

AI score 7.3
Exploits: 0 | References: 3
Drupal
added 2019/12/18 12:0 a.m. | 30 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...

AI score 6.9
Exploits: 0 | References: 19