Vulnerabilities > Drupal > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-05-05 | CVE-2020-13664 | Command Injection vulnerability in Drupal | Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. | network | | drupal | CWE-77 | critical | 9.3 |
| 2020-12-17 | CVE-2020-35191 | Missing Authentication for Critical Function vulnerability in Drupal Docker Images 8.3.0Fpmalpine | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. | network | low complexity | drupal | CWE-306 | critical | 10.0 |
| 2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | network | low complexity | typo3 debian fedoraproject drupal joomla | CWE-502 | critical | 9.8 |
| 2019-01-22 | CVE-2019-6339 | Improper Input Validation vulnerability in multiple products | In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, a remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. | network | low complexity | drupal debian | CWE-20 | critical | 9.8 |
| 2018-07-19 | CVE-2018-7602 | | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | network | low complexity | drupal debian | | critical | 9.8 |
| 2013-03-27 | CVE-2013-0318 | Permissions, Privileges, and Access Controls vulnerability in Banckle Chat Project Banckle Chat | The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | network | low complexity | banckle-chat-project drupal | CWE-264 | critical | 10.0 |
| 2009-09-24 | CVE-2009-3354 | Multiple Unspecified vulnerability in Drupal REST API Module | Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | network | low complexity | andrew-sterling-hanenkamp drupal | | critical | 10.0 |
| 2009-09-24 | CVE-2009-3353 | Multiple Unspecified vulnerability in Drupal Node2Node Module | Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | network | low complexity | steve-lockwood drupal | | critical | 10.0 |
| 2009-09-24 | CVE-2009-3352 | Unspecified vulnerability in Drupal | Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | network | low complexity | drupal | | critical | 10.0 |
| 2009-09-24 | CVE-2009-3351 | Multiple Unspecified vulnerability in Drupal Node Browser Module 5.X1.1/5.X2.5 | Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | network | low complexity | drupal kristy-frey | | critical | 10.0 |