VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/drupal

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-7602 critical 10.0 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. archphp
CVE-2018-7600 critical 10.0 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. archphp
CVE-2020-13672 critical 9.5 5y ago Drupal core Cross-site Scripting (XSS) vulnerability archphp
CVE-2016-6211 high 8.8 8.8 10y ago Drupal Saving user accounts can sometimes grant the user all roles debianphpdrupal
CVE-2017-6381 high 8.1 8.1 9y ago Drupal Remote code execution phpdrupal
CVE-2016-3171 high 8.1 8.1 10y ago Drupal arbitrary code execution debianphpdrupal
CVE-2016-3169 high 8.1 8.1 10y ago Drupal saving user accounts can sometimes grant the user all roles debianphpdrupal
CVE-2016-3162 high 8.1 8.1 10y ago Drupal File upload access bypass and denial of service debianphpdrupal
CVE-2021-33829 high 8.0 5y ago ckeditor4 vulnerable to cross-site scripting archdebianrubyphp+1
CVE-2017-6919 high 7.5 7.5 9y ago Drupal access control bypass vulnerability phpdrupal
CVE-2017-6379 high 7.5 7.5 9y ago Drupal Cross-Site Request Forgery (CSRF) phpdrupal
CVE-2017-6377 high 7.5 7.5 9y ago Drupal editor module incorrectly checks access to inline private files phpdrupal
CVE-2016-9450 high 7.5 7.5 10y ago Drupal Incorrect cache context on password reset page archphpdrupal
CVE-2016-3165 high 7.5 7.5 10y ago Drupal Form API ignores access restrictions on submit buttons phpdrupal
CVE-2016-3163 high 7.5 7.5 10y ago Drupal Brute force amplification attacks via XML-RPC debianphpdrupal
CVE-2016-3167 high 7.4 7.4 10y ago Drupal Open redirect vulnerability in the drupal_goto function debianphpdrupal
CVE-2016-3164 high 7.4 7.4 10y ago Drupal Open Redirect debianphpdrupal
CVE-2016-9452 medium 6.5 6.5 10y ago Drupal Denial of service via transliterate mechanism archphpdrupal
CVE-2016-3168 medium 6.4 6.4 10y ago Drupal Reflected file download vulnerability debianphpdrupal
CVE-2016-7571 medium 6.1 6.1 10y ago Drupal Cross-site scripting (XSS) vulnerability phpdrupal
CVE-2016-3166 medium 5.9 5.9 10y ago Drupal CRLF injection vulnerability in the drupal_set_header function debianphpdrupal
CVE-2013-6389 medium 5.8 13y ago Drupal has open redirect vulnerability in the Overlay module phpdrupal
CVE-2012-1589 medium 5.8 14y ago Drupal Open Redirect phpdrupal
CVE-2016-6212 medium 5.3 5.3 10y ago Drupal Views can allow unauthorized users to see Statistics information phpdrupal
CVE-2016-3170 medium 5.3 5.3 10y ago Drupal sensitive information disclosure debianphpdrupal
CVE-2016-9449 medium 4.3 4.3 10y ago Drupal sensitive information disclosure archphpdrupal
CVE-2016-7572 medium 4.3 4.3 10y ago Drupal Unprivileged access to config export phpdrupal
CVE-2016-7570 medium 4.3 4.3 10y ago Drupal Users without "Administer comments" can set comment visibility on nodes they can edit phpdrupal
CVE-2012-2153 medium 4.0 14y ago Drupal improper access restrictions phpdrupal
CVE-2010-3094 low 2.1 16y ago Drupal cross-site scripting vulnerability via actions feature and trigger module phpdrupal