Count: 1,988
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-784p-f8qg-9fqj Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. | | 0% Low | more than 3 years ago |
| GHSA-7638-p5r3-r7hq Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-73q4-j324-2qcc Incorrect authorization in Drupal core | CVSS3: 6.5 | 0% Low | almost 4 years ago |
| GHSA-6x23-g67f-x44h Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal. | | 6% Low | more than 3 years ago |
| GHSA-6vg8-8jg2-mmpm Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | | 5% Low | more than 3 years ago |
| GHSA-6rmq-x2hv-vxpp Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data | CVSS3: 8 | 1% Low | about 6 years ago |
| GHSA-6jcc-mv8v-q34f Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | | 1% Low | more than 3 years ago |
| GHSA-6hpj-9xj7-2jxx Drupal access control bypass vulnerability | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-6gwp-wc84-3h4m Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | | 1% Low | more than 3 years ago |
| GHSA-6g9h-6v79-w4pc Drupal Users without "Administer comments" can set comment visibility on nodes they can edit | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-6cj8-c359-p7q9 Drupal vulnerable to Cross-site Scripting | | 1% Low | more than 3 years ago |
| GHSA-69w7-38mj-9qxx Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | | 2% Low | more than 3 years ago |
| GHSA-6955-67hm-vjjq Drupal core arbitrary PHP code execution | CVSS3: 7.2 | 0% Low | more than 3 years ago |
| GHSA-68jc-v27h-vhmw Drupal core Unrestricted Upload of File with Dangerous Type | CVSS3: 8.8 | 5% Low | about 4 years ago |
| GHSA-68h9-7525-2j7f install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | | 2% Low | more than 3 years ago |
| GHSA-66mv-q8r2-hj8w Drupal access bypass vulnerability | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-66gr-xrcf-8jpq Drupal Open Redirect | CVSS3: 6.8 | 0% Low | more than 3 years ago |
| GHSA-648w-fmj6-586x Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-62cf-jvpp-48q6 Drupal Denial of Service vulnerability | | 0% Low | almost 2 years ago |
| GHSA-5vpr-v24w-mmjj Drupal cross site scripting vulnerability | CVSS3: 6.1 | 1% Low | more than 3 years ago |