➠ CVE-2016-7570 | Drupal up to 8.1.9 Administer Comments Permission access control (Nessus ID 94051 / ID 11691)

A vulnerability has been found in Drupal up to 8.1.9 and classified as critical. This vulnerability affects unknown code of the component Administer Comments Permission. The manipulation leads to improper access controls. This vulnerability was named CVE-2016-7570. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component....


➦ Vulnerabilities / Exploits ☆ vuldb.com


➤ Similar posts for 'CVE-2016-7570 | Drupal up to 8.1.9 Administer Comments Permission access control (Nessus ID 94051 / ID 11691)'

Access bypass - SA-CORE-2023-004

3128.28 points
Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive in

Improper input validation in Drupal core form

2594.88 points
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

Information Disclosure - SA-CORE-2023-003

2232.58 points
The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may r

[SA-CORE-2021-002] Extended XSS attribute sanitize filter to prevent cross-site scripting

2134.66 points
Drupal core's sanitize API failed to properly filter cross-site scripting under certain circumstances. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

Access bypass - SA-CORE-2023-005

2053.48 points
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. This vulnerability affects the following application versions:

Access bypass - SA-CORE-2022-013

2033.89 points
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo

Multiple vulnerabilities - SA-CORE-2022-016

1904.28 points
Official Description: Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials. Thi

[SA-CORE-2020-012] Remote code execution

1899.65 points
Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This vulnerabi

Improper input validation - SA-CORE-2022-008

1880.07 points
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

Information Disclosure - SA-CORE-2023-002

1786.78 points
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This vulnerability affects the following application versions:

Information disclosure in Quick Edit module

1775.55 points
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. This vulnerability affects the follo
