drupal core vulnerabilities and exploits
VMScore: 578
CVE-2009-2372
Drupal 6.x prior to 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via...
Drupal Drupal
VMScore: 383
CVE-2009-2374
Drupal 5.x prior to 5.19 and 6.x prior to 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from...
Drupal Drupal
VMScore: 534
CVE-2008-4790
The core upload module in Drupal 5.x prior to 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Drupal Drupal 5.5
Drupal Drupal 5.4
Drupal Drupal 5.0
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.1
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal
VMScore: 534
CVE-2008-4792
The core BlogAPI module in Drupal 5.x prior to 5.11 and 6.x prior to 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Drupal Drupal
VMScore: 534
CVE-2008-4789
The validation functionality in the core upload module in Drupal 6.x prior to 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.0
Drupal Drupal 6.3
Drupal Drupal
VMScore: 383
CVE-2007-5596
The core Upload module in Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 places the .html extension on a whitelist, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by uploading .html files.
Drupal Drupal