Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-7600
Drupal prior to 7.58, 8.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1 allows remote malicious users to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Drupal Drupal
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
3 EDB exploits
62 Github repositories
2 Articles
9.8
CVSSv3
CVE-2015-7877
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x prior to 7.x-1.4 for Drupal allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
User Dashboard Project User Dashboard 7.x-1.x-dev
User Dashboard Project User Dashboard 7.x-1.3
User Dashboard Project User Dashboard 7.x-1.2
9
CVSSv3
CVE-2015-8761
The Values module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.
Values Project Values 7.x-1.1
Values Project Values 7.x-1.0
8.8
CVSSv3
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the S...
Drupal Saml Sp 2.0 Single Sign On
8.8
CVSSv3
CVE-2020-13663
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Drupal Drupal
8.8
CVSSv3
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
8.8
CVSSv3
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.
Sunhater Kcfinder
8.8
CVSSv3
CVE-2020-13671
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 ver...
Drupal Drupal
Fedoraproject Fedora 32
Fedoraproject Fedora 33
8.8
CVSSv3
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x prior to 7.x-1.11 for Drupal allows remote malicious users to hijack the authentication of aribitrary users via a security token that is not ...
Mozilla Persona
8.8
CVSSv3
CVE-2013-4225
The RESTful Web Services (restws) module 7.x-1.x prior to 7.x-1.4 and 7.x-2.x prior to 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create ...
Restful Web Services Project Restful Web Services
Restful Web Services Project Restful Web Services 7.x-2.x
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »