6 matches found
Remote code execution
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
CVE-2022-25277
CVE-2022-25277 concerns Drupal core file upload sanitization. The issue arises when a site allows uploading files with an htaccess extension and the two protections (sanitizing dangerous extensions and stripping leading/trailing dots) do not interact correctly, potentially bypassing default Drupa...
Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...
Drupal 8.x Multiple Vulnerabilities (SA-CORE-2019-009, SA-CORE-2019-010, SA-CORE-2019-011) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if(description)...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...