5 matches found

Drupal
added 2023/11/29 12:0 a.m., 22 views

Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053

The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of...

7 AI score
Exploits 0, References 8
Tenable Nessus
added 2023/11/07 12:0 a.m., 17 views

Fedora 39 : drupal7 (2023-b659c62db9)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b659c62db9 advisory. - 7.98 - 7.97 - 7.96 - SA-CORE-2023-005 - 7.95 - SA-CORE-2023-004 - 7.94 - 7.93 Tenable has extracted the preceding description block directly from the Fedor...

5.6 AI score
Exploits 0, References 1
OpenVAS
added 2023/04/27 12:0 a.m., 18 views

Drupal Access Bypass Vulnerability (SA-CORE-2023-005) - Windows

Drupal is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

6.5 CVSS, 6.5 AI score, 0.0054 EPSS
Exploits 0, References 1
Tenable Nessus
added 2023/04/20 12:0 a.m., 20 views

Drupal 7.x < 7.96 / 9.4.x < 9.4.14 / 9.5.x < 9.5.8 / 10.x < 10.0.8 Drupal Vulnerability (SA-CORE-2023-005)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.96, 9.4.x prior to 9.4.14, 9.5.x prior to 9.5.8, or 10.x prior to 10.0.8. It is, therefore, affected by a vulnerability. - The file download facility doesn't sufficiently sanitize fil...

6.5 CVSS, 5.9 AI score, 0.0054 EPSS
Exploits 0, References 8
Drupal
added 2023/04/19 12:0 a.m., 133 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

6.5 CVSS, 6.5 AI score, 0.0054 EPSS
Exploits 0, References 25