Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.
Max CVSS
9.8
EPSS Score
0.10%
Published
2022-06-03
Updated
2022-07-03
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Max CVSS
10.0
EPSS Score
0.66%
Published
2020-12-17
Updated
2020-12-18
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-02-11
Updated
2022-02-18
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1.
Max CVSS
9.8
EPSS Score
0.31%
Published
2021-05-05
Updated
2022-07-12
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
Max CVSS
9.3
EPSS Score
0.49%
Published
2021-05-05
Updated
2021-05-14
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-12-16
Updated
2019-12-27
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Max CVSS
9.8
EPSS Score
2.75%
Published
2019-05-09
Updated
2021-10-01
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Max CVSS
9.8
EPSS Score
1.53%
Published
2019-05-16
Updated
2021-09-29
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Max CVSS
9.8
EPSS Score
0.31%
Published
2020-05-28
Updated
2021-07-21
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
Max CVSS
9.8
EPSS Score
92.71%
Published
2019-01-22
Updated
2019-10-09

CVE-2018-7602

Known exploited
Used for ransomware
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Max CVSS
9.8
EPSS Score
97.46%
Published
2018-07-19
Updated
2021-04-20
CISA KEV Added
2022-04-13

CVE-2018-7600

Known exploited
Public exploit
Used for ransomware
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Max CVSS
9.8
EPSS Score
97.57%
Published
2018-03-29
Updated
2019-03-01
CISA KEV Added
2021-11-03
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
Max CVSS
9.8
EPSS Score
1.09%
Published
2019-01-15
Updated
2019-10-03
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Max CVSS
9.8
EPSS Score
6.57%
Published
2018-08-06
Updated
2018-10-04
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Max CVSS
9.8
EPSS Score
2.03%
Published
2018-03-29
Updated
2018-04-27
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-01-14
Updated
2020-01-24
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.31%
Published
2009-09-24
Updated
2022-09-27
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
Max CVSS
10.0
EPSS Score
0.25%
Published
2009-03-20
Updated
2017-08-17
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Max CVSS
9.3
EPSS Score
1.53%
Published
2009-02-19
Updated
2017-08-17
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Max CVSS
9.3
EPSS Score
3.73%
Published
2008-07-03
Updated
2017-08-08
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
Max CVSS
10.0
EPSS Score
1.15%
Published
2008-02-19
Updated
2017-08-08
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
Max CVSS
10.0
EPSS Score
0.79%
Published
2008-02-05
Updated
2011-03-08
22 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!