

Drupal up to 8.5.10/8.6.9 RESTful Web Services POST Request PHP Code Execution privilege escalation


Exploits | Direct link: vuldb.com

A vulnerability was found in Drupal up to 8.5.10/8.6.9 (Content Management System). It has been classified as critical. This affects some unknown functionality of the component RESTful Web Services. Upgrading to version 8.5.11 or 8.6.10 eliminates this vulnerability....


https://vuldb.com/?id.131091


➤ More posts from Team Security | IT Security

  • [SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

    1401.65 points
    Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following app
  • [SA-CORE-2019-002] Arbitrary PHP code execution

    1299.93 points
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated
  • Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001

    1103.07 points
    Project:  Drupal core Version:  8.4.x-dev 7.x-dev Date:  2018-February-21 Security risk:  Critical 16∕25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:Default Vulnerability:  Multiple Vulnerabilities Description:  This security
  • [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete

    1092.84 points
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vu
  • Drupal up to 7.51 Confirmation Form Redirect privilege escalation

    934.88 points
    A vulnerability was found in Drupal up to 7.51. It has been classified as critical. Affected is an unknown function of the component Confirmation Form. Manipulation with an unknown input can lead to a privilege escalation vuln
  • Injection in DefaultMailSystem::mail()

    908.73 points
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • External URL injection through URL aliases

    904.55 points
    In certain circumstances the user could enter a particular path that triggered an open redirect to a malicious URL. While this issue was mitigated by the fact that the user needed the administer paths permission to exploit, the path module has been patch
  • [CVE-2016-3169] Saving user accounts could sometimes grant the user all roles

    880.1 points
    A hacker may acquire administrator rights using a custom Drupal module that performs a form rebuild during submission of the user profile form. Part of security release SA-CORE-2016-001 This vulnerability affects the following application versions: Dr
  • Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

    858.2 points
    Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities. Download Drupal 8.3.4 Download Drupal 7.56 Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for D
  • Remote Code Execution vulnerability within multiple subsystems

    855.87 points
    A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allowed attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. Part of securit
  • Drupal up to 7.40 Overlay Module Redirect

    832.7 points
    A vulnerability was found in Drupal up to 7.40. It has been classified as critical. This concerns an unknown function of the component Overlay Module. Manipulation with an unknown input can lead to a privilege escalation vulnerability (Redirect)
