Lucene search
K

7 matches found

Prion
Prion
added 2023/04/26 3:15 p.m.23 views

Remote code execution

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

5.8CVSS7.4AI score0.01422EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/26 12:0 a.m.438 views

CVE-2022-25277

CVE-2022-25277 concerns Drupal core file upload sanitization. The issue arises when a site allows uploading files with an htaccess extension and the two protections (sanitizing dangerous extensions and stripping leading/trailing dots) do not interact correctly, potentially bypassing default Drupa...

7.2CVSS7.3AI score0.01422EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/07/21 12:0 a.m.34 views

Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

7.5CVSS7.8AI score0.01422EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.20 views

Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Windows

Drupal is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

8.8CVSS9AI score0.04269EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/11/20 12:0 a.m.63 views

Drupal 7.x < 7.74 / 8.x < 8.8.11 / 8.9.x < 8.9.9 / 9.0.x < 9.0.8 RCE (SA-CORE-2020-012)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.74, 8.x prior to 8.8.11, 8.9.x prior to 8.9.9, or 9.0.x prior to 9.0.8. It is, therefore, affected by a remote code execution vulnerability in its file upload functionality due to a...

8.8CVSS8.6AI score0.04269EPSS
Exploits0References6
CISA
CISA
added 2020/11/19 12:0 a.m.17 views

Drupal Releases Security Updates

Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2020/11/18 12:0 a.m.13 views

Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036

Media oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012...

6.7AI score
Exploits0References7
Rows per page
Query Builder