Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2008-6020
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
CVE-2009-0382
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.
CVE-2009-0382
Unspecified vulnerability in Internationalization (i18n) Translation 5 ...
CVE-2008-5999
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.
CVE-2008-5998
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.
CVE-2008-5996
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
CVE-2008-4793
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2008-4793
The node module API in Drupal 5.x before 5.11 allows remote attackers ...
CVE-2008-4792
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
CVE-2008-4792
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-6020 SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | CVSS2: 7.5 | 1% Низкий | почти 17 лет назад |
| CVE-2009-0382 Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | почти 17 лет назад |
| CVE-2009-0382 Unspecified vulnerability in Internationalization (i18n) Translation 5 ... | CVSS2: 4.3 | 0% Низкий | почти 17 лет назад |
| CVE-2008-5999 Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | CVSS2: 3.5 | 0% Низкий | почти 17 лет назад |
| CVE-2008-5998 Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | CVSS2: 6 | 0% Низкий | почти 17 лет назад |
| CVE-2008-5996 Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | CVSS2: 3.5 | 0% Низкий | почти 17 лет назад |
| CVE-2008-4793 The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | CVSS2: 7.5 | 0% Низкий | около 17 лет назад |
| CVE-2008-4793 The node module API in Drupal 5.x before 5.11 allows remote attackers ... | CVSS2: 7.5 | 0% Низкий | около 17 лет назад |
| CVE-2008-4792 The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | CVSS2: 6 | 0% Низкий | около 17 лет назад |
| CVE-2008-4792 The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ... | CVSS2: 6 | 0% Низкий | около 17 лет назад |
Уязвимостей на страницу