drupal

Description: A PHP-based content management platform
Version: 8.5.6-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-744 | 8.5.5-1 | 8.5.6-1 | Medium | Fixed | |
| AVG-679 | 8.5.2-1 | 8.5.3-1 | Critical | Fixed | |
| AVG-665 | 8.5.0-1 | 8.5.1-1 | Critical | Fixed | |
| AVG-75 | 7.51-1 | 7.52-1 | Medium | Fixed | |
| AVG-74 | 8.2.2-1 | 8.2.3-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-7602 | AVG-679 | Critical | Yes | Arbitrary command execution | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack... |
| CVE-2018-7600 | AVG-665 | Critical | Yes | Arbitrary code execution | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack... |
| CVE-2018-14773 | AVG-744 | Medium | Yes | Access restriction bypass | Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a... |
| CVE-2016-9452 | AVG-74 | Medium | Yes | Denial of service | A specially crafted URL can cause a denial of service via the transliterate mechanism. |
| CVE-2016-9451 | AVG-75 | Medium | Yes | Open redirect | Under certain circumstances, malicious users could construct a URL to a confirmation form that would trick users into being redirected to a 3rd party... |
| CVE-2016-9450 | AVG-74 | Low | Yes | Content spoofing | The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page. |
| CVE-2016-9449 | AVG-74 | Low | Yes | Information disclosure | Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 27 Apr 2018 | ASA-201804-10 | AVG-679 | Critical | arbitrary command execution |
| 01 Apr 2018 | ASA-201804-1 | AVG-665 | Critical | arbitrary code execution |
| 19 Nov 2016 | ASA-201611-20 | AVG-74 | Medium | multiple issues |