SA-CONTRIB-2009-056 - Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API with vulnerabilities, now abandoned
Multiple vulnerabilities have been found in the following modules which have been abandoned. Their releases have been unpublished and it is recommended that they be disabled and un-installed if in use. Modules Node2Node Node Browser Subdomain Manager Quota by role Rest API Drupal core is not...
Extended Tracker - SQL Injection
The contributed module Extended Tracker xtracker accepts parameters from URLs and uses those unescaped in SQL queries, allowing malicious users to execute SQL injection attacks. This may result in them gaining administrator privileges. Versions affected Please check the CVS $Id$ fields in the fil...
Revision to DRUPAL-SA-2006-013 - Recipe
It is possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output from the contributed Recipe module. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. This is a revision to...
SQL injection and PHP code execution
Wolfgang Ziegler has discovered multiple security vulnerabilities in the contributed flexinode module. Versions affected Please check the CVS $Id$ fields in the following files to determine whether the version of the flexinode module you are running is vulnerable. All versions older than the...
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Drupal core ships a rebuild.php front controller that can be used to rebuild Drupal (clearing the caches and rebuilding the container) when the site is in an unexpected condition. This script doesn't correctly check the Host header against the list of trusted host patterns. This could result in cac...
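The check the advisory says rebuild.php skips is the one Drupal otherwise applies to every request: the Host header must match one of the regular expressions in $settings['trusted_host_patterns'] before it is used to build absolute URLs. The following is an added illustration, not code from Drupal core or from the advisory; the host names and patterns are constructed, and the redirect builder is a hypothetical stand-in for what a front controller does with the header. It shows why an unchecked header becomes an open redirect (and, once the generated URL is cached, a poisoned cache entry), and what the trusted-host check looks like.

```python
import re

# Constructed patterns in the form Drupal's settings.php uses for
# $settings['trusted_host_patterns']: regular expressions matched
# case-insensitively against the host name (hypothetical host names).
TRUSTED_HOST_PATTERNS = [
    r"^www\.example\.com$",
    r"^example\.com$",
    r"^.+\.staging\.example\.com$",
]


def normalize_host(host_header: str) -> str:
    """Lower-case the Host header and drop any port, e.g. 'Example.com:8080' -> 'example.com'.

    IPv6 literals look like '[::1]:8080', so the port is only stripped after the ']'.
    """
    host = host_header.strip().lower()
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def host_is_trusted(host_header: str, patterns=TRUSTED_HOST_PATTERNS) -> bool:
    """Return True only if the Host header matches one of the trusted patterns.

    Patterns are anchored by the site operator ('^...$'), so a look-alike such as
    'www.example.com.attacker.test' does not match. An empty header is never trusted.
    """
    if not host_header or not host_header.strip():
        return False
    host = normalize_host(host_header)
    return any(re.search(p, host, re.IGNORECASE) for p in patterns)


def rebuild_redirect_target(host_header: str, fallback_host: str = "www.example.com") -> str:
    """Build the absolute URL a rebuild front controller redirects to afterwards.

    Taking the host straight from the request lets whoever sends
    'Host: attacker.test' turn the redirect into an open redirect, and lets the
    resulting URL be stored under that host by any cache in front of the site.
    Checking the header first and falling back to a configured host closes both.
    (fallback_host is an assumed, site-specific setting.)
    """
    host = normalize_host(host_header) if host_is_trusted(host_header) else fallback_host
    return f"https://{host}/"
```

The fallback matters as much as the check: a script that refuses the request outright is also safe, but one that "helpfully" falls back to whatever the header said has not fixed anything.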
File Extractor - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-033
This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes. The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code executio...
Taxonomy Manager - Moderately critical - Access bypass - SA-CONTRIB-2021-035
This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed. The module does not take the correct user permissions into account, allowing a...
Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005
The Fast Autocomplete module provides fast IMDB-like suggestions below a text input field. Suggestions are stored as JSON files in the public files folder so that they can be provided to the browser relatively fast without the need for Drupal to be bootstrapped. The module doesn't correctly...
Taxonomy CSV import/export - Moderately critical - Information disclosure - SA-CONTRIB-2019-084
Updated January 9th, 2020 This module enables you to import taxonomy terms from different sources, including a text area, a file upload or a file present in the web server. The module doesn't sufficiently validate user input when providing a local filename to import. This vulnerability is mitigat...
Menu Item Extras - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2019-050
This module enables you to handle fields for Custom Menu Links. The module doesn't sufficiently check requests to one of the module controllers if the user has permission 'administer menu'. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create...
AdTego SiteIntel - AdBlocker Detect - Critical - Unsupported - SA-CONTRIB-2018-039
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...
Education - Critical - Unsupported - SA-CONTRIB-2018-036
The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...
Baidu Analytics - Critical - Unsupported - SA-CONTRIB-2018-029
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466. The security team marks all unsupported modules critical by...
Zircon - Critical - Unsupported - SA-CONTRIB-2018-037
Update - 2018-09-26 This maintainer has fixed this security issue. Please install https://www.drupal.org/project/zircon/releases/7.x-1.2 to resolve the issue. The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the...
TB Nucleus - Critical - Unsupported - SA-CONTRIB-2018-031
Update - 2018-09-26 This maintainer has fixed this security issue. Please install https://www.drupal.org/project/nucleus/releases/7.x-1.6 to fix the security issue The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the...
Simple Taxonomy Revision - Critical - Unsupported - SA-CONTRIB-2018-025
Simple Taxonomy Revision module enables revisions for taxonomy terms for Drupal 8. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read:...
VChess - Critical - Module Unsupported - SA-CONTRIB-2018-009
The Drupal VChess module allows users to play a chess game. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...
bootstrap_carousel - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-088
This module provides a way to make carousels, based on bootstrap-carousel.js. The module doesn't sufficiently handle output of img HTML tag's alt property. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any simil...
Services single sign-on client - Critical - Cross-site scripting - SA-CONTRIB-2017-087
This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials. The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability...
SA-CONTRIB-2010-107 - Services - Access bypass
The Services module allows users to expose Drupal functionality to remote users. Services provides the ability for users to update nodes contained in a Drupal install via the Services API. When using the node.save service it is possible for a user to supply a specifically crafted node or...
SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (XSS)
The dashboard module allows users to create a personalized set of pages of widgets created from existing blocks and nodes like iGoogle. The module does not escape user generated names for tags & titles associated with default widgets that are added to a user dashboard page, leading to a Cross Sit...
SA-CONTRIB-2010-070 - Multiple vulnerabilities in multiple contributed modules
Versions affected and proposed solutions Easy Translator for Drupal 6.x The module is vulnerable to SQL injections. Solution: Disable the module. There is no safe version of the module to use. Block Queue for Drupal 6.x The Block Queue module allows users to create "queues" of blocks much like...
SA-CONTRIB-2010-052 - Multiple vulnerabilities in multiple contributed modules
Versions affected and proposed solutions Private Message for the 5.x versions of Drupal The Privatemsg, also known as Private Message, module enables messages to be sent internally on a site. The module is vulnerable to cross-site request forgeries (CSRF) via its message delete form. This...
SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS)
The TinyMCE module provides a "WYSIWYG" tool for entering rich text into various parts of a site. The TinyMCE module displayed text entered by an admin without filtering that text, leading to a Cross Site Scripting (XSS) vulnerability. XSS vulnerabilities may expose site administrative accounts whic...
SA-CONTRIB-2009-071 - Organic Groups Vocabulary Access Bypass
Description The Organic Groups Vocabulary module enables an organic group to have a group specific vocabulary. A vulnerability in this module allows any group member, even if they are not a group admin, to view, edit, and create vocabularies and terms for all groups. Versions affected Organic...
SA-2008-031 - Pblog - Incorrect vulnerability report
Exploitable from: Remote Subject: Incorrect vulnerability report Several 'security'-related sources claim - with SecurityFocus as source http://www.securityfocus.com/bid/29495/info - that the third-party Drupal module Pblog is vulnerable to SQL injection attacks. The Drupal security team has...
E-commerce Cross site scripting vulnerability
It is possible for a malicious user with the 'create products' permission to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. The create products permission is...
Easylinks multiple vulnerabilities
Unescaped input is used directly in queries, allowing malicious users to execute SQL injection attacks. This may result in administrator privileges. It is also possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to...
DRUPAL-SA-2006-015: Multiple vulnerabilities in Bibliography
Unescaped input is used directly in queries, allowing malicious users to execute SQL injection attacks. This may result in administrator access. It is also possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to...
Flexi Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-036
The Flexi Access module provides a simple and flexible interface to the ACL (Access Control List) module. It lets you set up and manage ACLs naming individual users that are allowed access to a particular node. The module processes user input in a way that could be unsafe. This can lead to...
Expandable Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-028
This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the fiel...
H5P - Create and Share Rich Content and Applications - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-064
This module enables you to create interactive content. The module doesn't sufficiently stop path traversal attacks through zipped filenames for the uploadable .h5p files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "update h5p libraries". In...
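A "path traversal through zipped filenames" is an archive whose entries are named things like ../../../somewhere/evil.php, so that a naive extractor writes outside the directory it was told to unpack into (here, the H5P library directory). The following is an added example, not code from the H5P module or from the advisory: it builds a small archive in memory with constructed entry names, vets every entry against the extraction root before anything is written, and refuses the whole archive if any entry escapes. The extraction directory is a hypothetical path.

```python
import io
import os
import zipfile


def unsafe_entry_names(archive_bytes: bytes, dest_dir: str) -> list:
    """Return the entry names in a zip that would be written outside dest_dir.

    Each name is resolved lexically against dest_dir. Anything absolute, anything
    starting with a drive letter, and anything whose normalised path does not stay
    under dest_dir (i.e. climbs out with '..') is reported.
    """
    dest_root = os.path.normpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                bad.append(info.filename)
                continue
            target = os.path.normpath(os.path.join(dest_root, name))
            if target != dest_root and not target.startswith(dest_root + os.sep):
                bad.append(info.filename)
    return bad


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Vet the whole archive first; only then extract. Returns the names written."""
    bad = unsafe_entry_names(archive_bytes, dest_dir)
    if bad:
        raise ValueError(f"refusing archive, traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_archive(entries: dict) -> bytes:
    """Constructed test input: an in-memory zip from {name: content}.

    zipfile keeps the names verbatim on write, so traversal names such as
    '../x' survive exactly as an attacker would supply them.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical library directory; the archive mixes one legitimate H5P layout
    # entry with two escaping ones.
    hostile = build_archive({
        "H5P.Example-1.0/library.json": "{}",
        "../../../tmp/evil.php": "<?php ?>",
        "/etc/passwd": "x",
    })
    print(unsafe_entry_names(hostile, "/var/www/h5p/libraries"))
```

Vetting before extracting, rather than skipping bad entries as they are met, is deliberate: an archive containing even one escaping entry is hostile, and partially unpacking it gives the attacker nothing to work with.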
Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039
The security team is marking this project unsupported. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
Private Taxonomy Terms - Critical - Access bypass, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2022-014
This module enables users to create 'private' vocabularies. The module doesn't sufficiently check user access permissions when attempting to view, edit, or add terms to vocabularies, including vocabularies not managed by the module. Partial mitigation is available by requiring users have been...
Exif - Critical - Remote code execution - SA-CONTRIB-2022-015
This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures. The module doesn't sufficiently protect against malicious files being used to attack the site. This vulnerability is mitigated by the fact that an attacker mus...
SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036
This module provides a solution to authenticate visitors using existing SAML providers. Certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" an...
Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035
The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...
Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031
Aegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites. Aegir can use either the Apache or the Nginx web server. With Apache, users who can write configuration files can escalate their privileges to the superuser root, and Aegir's operations...
Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001
Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in. The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu. This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the...
External Links Filter - Moderately critical - Open Redirect Vulnerability - SA-CONTRIB-2019-063
The External Link Filter module provides an input filter that replaces external links with a local link that redirects to the target URL. The module did not ensure that the redirect URL goes where content authors intended...
Stage File Proxy - Less critical - Denial of Service - SA-CONTRIB-2019-044
Stage File Proxy is a general solution for getting production files on a development server on demand. The module doesn't sufficiently validate requested URLs, allowing an attacker to send repeated requests for files that do not exist, which could exhaust resources on the server where Stage File...
Context - Moderately critical - Cross site scripting - SA-CONTRIB-2019-028
This module enables you to manage contextual conditions and reactions for different portions of your site. The module doesn't sufficiently sanitize user output when displayed leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must hav...
Gridstack field - Critical - Unsupported - SA-CONTRIB-2019-008
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...
Panels Breadcrumbs - Moderately critical - Cross site scripting - SA-CONTRIB-2019-007
Panels Breadcrumbs allows you to set your breadcrumbs directly from Panels configuration. This module doesn't properly sanitize custom breadcrumb configuration in all cases, leading to an XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to edit...
JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081
This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. This mea...
Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068
The MIME Mail module allows sending MIME-encoded e-mail messages with embedded images and attachments. The module doesn't sufficiently sanitize some variables used as shell arguments when sending email, which could lead to arbitrary remote code execution. This issue is related to the Drupal Core...
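"Not sufficiently sanitized for shell arguments" describes a value, typically an address, that is spliced into the command line of the mail transport. The following is an added example, not code from the Mime Mail module or from the advisory; the sendmail invocation and the address pattern are assumptions chosen to show the shape of the bug and its fix. The unsafe function shows how a request-controlled value becomes extra shell commands; the hardened forms validate the value first and then either keep it as a single argv element (so no shell parses it at all) or quote it, which is the role escapeshellarg() plays in PHP and shlex.quote() plays here.

```python
import re
import shlex

# Assumed sanity pattern for an envelope sender. A site's own policy may be
# stricter; the point is that the value is checked before it reaches a command.
_ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

SENDMAIL = "/usr/sbin/sendmail"  # assumed transport path


def sendmail_command_unsafe(sender: str) -> str:
    """Vulnerable pattern: a request-controlled value concatenated into a shell string.

    Passed to /bin/sh, 'me@example.com; id' runs 'id' as the web server user.
    """
    return SENDMAIL + " -t -i -f" + sender


def sendmail_argv(sender: str) -> list:
    """Hardened form 1: validate, then build an argv list.

    Each element is exactly one argument to the program; hand the list to
    subprocess.run(argv) without shell=True and no shell ever sees it.
    """
    if not _ADDR_RE.match(sender):
        raise ValueError("invalid sender address")
    return [SENDMAIL, "-t", "-i", "-f" + sender]


def sendmail_shell_string(sender: str) -> str:
    """Hardened form 2: when a shell string is unavoidable, quote the validated value.

    shlex.quote() wraps anything outside a small safe set in single quotes, which
    is the same job escapeshellarg() does in PHP. Validation stays in place so the
    quoting is a second line of defence, not the only one.
    """
    if not _ADDR_RE.match(sender):
        raise ValueError("invalid sender address")
    return SENDMAIL + " -t -i -f" + shlex.quote(sender)


def is_valid_sender(sender: str) -> bool:
    """Expose the validation on its own so callers can reject early with a clear error."""
    return bool(_ADDR_RE.match(sender))
```

Of the two hardened forms, the argv list is the one to prefer: it removes the shell from the picture rather than trying to outguess its quoting rules.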
Lightbox2 - Critical - Cross Site Scripting - SA-CONTRIB-2018-064
The Lightbox2 module enables you to overlay images on the current page. The module did not sanitize some inputs when used in combination with a custom view leading to potential Cross Site Scripting XSS...
Taxonomy File Tree - Moderately critical - Access bypass - SA-CONTRIB-2018-061
Taxonomy File Tree allows site managers to create file trees. For files managed as Drupal files, the module does not properly check that a user has access to a file before letting the user download the file. This vulnerability only affects sites that use private files...
Taxonomy Entity Queue - Critical - SQL Injection - SA-CONTRIB-2018-052
This module enables you to create an entityqueue based on a taxonomy. The module did not properly use Drupal's database API when querying the database with user supplied values, allowing an attacker to send a specially crafted request to modify the query or potentially perform additional queries...
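"Did not properly use Drupal's database API when querying with user supplied values" is the classic string-concatenation injection: the request value is pasted into the SQL text instead of being bound as a parameter. The following is an added example, not code from the Taxonomy Entity Queue module or from the advisory. It uses an in-memory SQLite table with a constructed, simplified term schema so it runs offline; Drupal's equivalent of the bound '?' below is a named placeholder passed to \Drupal::database()->query(), e.g. "... WHERE vid = :vid" with [':vid' => $vid].

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a term table (the schema is illustrative, not Drupal's)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE taxonomy_term_field_data (tid INTEGER, vid TEXT, name TEXT, status INTEGER);
        INSERT INTO taxonomy_term_field_data VALUES
            (1, 'tags',     'public-tag', 1),
            (2, 'tags',     'draft-tag',  0),
            (3, 'internal', 'secret-tag', 1);
    """)
    return conn


def published_terms_unsafe(conn: sqlite3.Connection, vid: str) -> list:
    """Vulnerable pattern: the request value is concatenated into the SQL text.

    With vid = "tags' OR '1'='1" the WHERE clause becomes
      vid = 'tags' OR '1'='1' AND status = 1
    and the status filter (and the vocabulary filter) no longer hold.
    """
    sql = ("SELECT tid FROM taxonomy_term_field_data WHERE vid = '" + vid +
           "' AND status = 1 ORDER BY tid")
    return [row[0] for row in conn.execute(sql)]


def published_terms_safe(conn: sqlite3.Connection, vid: str) -> list:
    """Fixed pattern: the value is bound as a parameter, so it can only ever be data.

    The same string that rewrote the query above is now just a vocabulary name
    that matches nothing.
    """
    sql = ("SELECT tid FROM taxonomy_term_field_data "
           "WHERE vid = ? AND status = 1 ORDER BY tid")
    return [row[0] for row in conn.execute(sql, (vid,))]


if __name__ == "__main__":
    db = make_db()
    attack = "tags' OR '1'='1"
    print("unsafe:", published_terms_unsafe(db, attack))  # every term, including unpublished ones
    print("safe:  ", published_terms_safe(db, attack))    # nothing
```

The advisory's "potentially perform additional queries" is the next step an attacker takes once the clause is theirs; binding the value is the fix regardless of which step they reach.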
Scrollable Content - Critical - Unsupported - SA-CONTRIB-2018-026
Scrollable Content provides a scrolling functionality for your content. Scrollable Content will give you a nice content slider preview of your site's nodes, and provides some display options. The security team is marking this module unsupported. There is a known security issue with the module tha...