Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2013-7067
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
CVE-2013-7067
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
CVE-2013-6389
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-6389
Open redirect vulnerability in the Overlay module in Drupal 7.x before ...
CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand functi ...
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.
CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ...
CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
CVE-2013-6389
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2013-7067 The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | CVSS2: 5.8 | 0% Низкий | около 12 лет назад |
 | CVE-2013-7067 The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | CVSS2: 5.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6389 Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | CVSS2: 5.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6389 Open redirect vulnerability in the Overlay module in Drupal 7.x before ... | CVSS2: 5.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6386 Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | CVSS2: 6.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6386 Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand functi ... | CVSS2: 6.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6385 The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. | CVSS2: 5.1 | 2% Низкий | около 12 лет назад |
| CVE-2013-6385 The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ... | CVSS2: 5.1 | 2% Низкий | около 12 лет назад |
| CVE-2013-6386 Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | CVSS2: 6.8 | 0% Низкий | около 12 лет назад |
| CVE-2013-6389 Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | CVSS2: 5.8 | 0% Низкий | около 12 лет назад |
Уязвимостей на страницу