Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 966
CVE-2006-2831
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
CVE-2006-2832
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
CVE-2006-2833
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
CVE-2006-2832
Cross-site scripting (XSS) vulnerability in the upload module (upload. ...
CVE-2006-2831
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under c ...
CVE-2006-2833
Cross-site scripting (XSS) vulnerability in the taxonomy module in Dru ...
CVE-2006-2831
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
CVE-2006-2833
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
CVE-2006-2832
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
CVE-2006-2743
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-2831 Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | CVSS2: 7.5 | 4% Низкий | около 19 лет назад |
| CVE-2006-2832 Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-2833 Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-2832 Cross-site scripting (XSS) vulnerability in the upload module (upload. ... | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-2831 Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under c ... | CVSS2: 7.5 | 4% Низкий | около 19 лет назад |
| CVE-2006-2833 Cross-site scripting (XSS) vulnerability in the taxonomy module in Dru ... | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
 | CVE-2006-2831 Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | CVSS2: 7.5 | 4% Низкий | около 19 лет назад |
| CVE-2006-2833 Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-2832 Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-2743 Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | CVSS2: 5.1 | 20% Средний | около 19 лет назад |
Уязвимостей на страницу