Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
9.8
CVSSv3
CVE-2012-2714
The BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via the audience identifier.
Browserid Project Browserid 7.x-1.0
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
9.8
CVSSv3
CVE-2019-19826
The Views Dynamic Fields module up to and including 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion...
Drupal Views Dynamic Field
Drupal Views Dynamic Field 7.x-1.0
9.8
CVSSv3
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
9.8
CVSSv3
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 does not prevent directory traversal, which allows malicious users to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
Typo3 Pharstreamwrapper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Drupal Drupal
Joomla Joomla\\!
9.8
CVSSv3
CVE-2019-6339
In Drupal Core versions 7.x before 7.62, 8.6.x before 8.6.6 and 8.5.x before 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) ma...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
9.8
CVSSv3
CVE-2017-6925
In versions of Drupal 8 core before 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access r...
Drupal Drupal
9.8
CVSSv3
CVE-2017-6920
Drupal core 8 prior to 8.3.4 allows remote malicious users to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Drupal Drupal
2 Github repositories
9.8
CVSSv3
CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows malicious users to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal co...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
2 EDB exploits
8 Github repositories
9.8
CVSSv3
CVE-2014-5170
The Storage API module 7.x prior to 7.x-1.6 for Drupal might allow remote malicious users to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Drupal Storage Api 7.x-1.5
Drupal Storage Api 7.x-1.3
Drupal Storage Api 7.x-1.1
Drupal Storage Api 7.x-1.0
Drupal Storage Api 7.x-1.x-dev
Drupal Storage Api 7.x-1.4
Drupal Storage Api 7.x-1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »