Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 975

CVE-2008-5999

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

CVSS2: 3.5

EPSS: Низкий

CVE-2008-5998

больше 16 лет назад

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

CVSS2: 6

EPSS: Низкий

CVE-2008-5996

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

CVSS2: 3.5

EPSS: Низкий

CVE-2008-4793

почти 17 лет назад

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

CVSS2: 7.5

EPSS: Низкий

CVE-2008-4793

почти 17 лет назад

The node module API in Drupal 5.x before 5.11 allows remote attackers ...

CVSS2: 7.5

EPSS: Низкий

CVE-2008-4792

почти 17 лет назад

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

CVSS2: 6

EPSS: Низкий

CVE-2008-4792

почти 17 лет назад

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...

CVSS2: 6

EPSS: Низкий

CVE-2008-4791

почти 17 лет назад

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

CVSS2: 6

EPSS: Низкий

CVE-2008-4791

почти 17 лет назад

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might all ...

CVSS2: 6

EPSS: Низкий

CVE-2008-4790

почти 17 лет назад

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

CVSS2: 6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-5999 Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.	CVSS2: 3.5	0% Низкий	больше 16 лет назад
CVE-2008-5998 Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.	CVSS2: 6	0% Низкий	больше 16 лет назад
CVE-2008-5996 Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.	CVSS2: 3.5	0% Низкий	больше 16 лет назад
CVE-2008-4793 The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.	CVSS2: 7.5	0% Низкий	почти 17 лет назад
CVE-2008-4793 The node module API in Drupal 5.x before 5.11 allows remote attackers ...	CVSS2: 7.5	0% Низкий	почти 17 лет назад
CVE-2008-4792 The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.	CVSS2: 6	0% Низкий	почти 17 лет назад
CVE-2008-4792 The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...	CVSS2: 6	0% Низкий	почти 17 лет назад
CVE-2008-4791 The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.	CVSS2: 6	0% Низкий	почти 17 лет назад
CVE-2008-4791 The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might all ...	CVSS2: 6	0% Низкий	почти 17 лет назад
CVE-2008-4790 The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.	CVSS2: 6	0% Низкий	почти 17 лет назад

Уязвимостей на страницу