Security News > 2017 > August > Drupal Patches Critical Access Bypass in Core Engine (Threatpost)

Drupal Patches Critical Access Bypass in Core Engine (Threatpost)

2017-08-17 19:50

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities.

News URL

http://threatpost.com/drupal-patches-critical-access-bypass-in-core-engine/127515/

#bypass #critical #drupal #threatpost

Related news

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
GitLab patches critical authentication bypass vulnerabilities (source)
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
Critical flaw in Next.js lets hackers bypass authorization (source)
Critical auth bypass bug in CrushFTP now exploited in attacks (source)
ASUS warns of critical auth bypass flaw in routers using AiCloud (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Drupal		15	0	66	45	14	125

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.