Drupal security advisory-CVE-2020-13671

February 10, 2022

NAME

DrupalDrupal

  • Platforms Affected:
    Drupal

  • Risk Level:
    low

  • CVE Type:
    Unrestricted file upload

DESCRIPTION

CVE-2020-13671 is an unrestricted file upload vulnerability impacting Drupal versions 7.0 through 7.73, 8.8 through 8.8.10, 8.9 through 8.9.8, and 9.0 through 9.0.7. A proof of concept (PoC) was not observed publicly or in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 6.5
  • CVSS 3.0 SCORE: 8.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:


  • PoC Link:

MITIGATION

Drupal addressed the vulnerability in a security advisory with updated versions.

  • Reference Link:
    https://www.drupal.org/sa-core-2020-012

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[MEOW] – Ransomware Victim: Zyloware

November 14, 2024
image

[MEOW] – Ransomware Victim: Cottles Asphalt Maintenance Inc

November 14, 2024
image

[MEOW] – Ransomware Victim: Karl Malone Toyota

November 14, 2024
image

[MEOW] – Ransomware Victim: Pine Belt Cars

November 14, 2024
image

[MEOW] – Ransomware Victim: J[.]S[.]T[.] Espana

November 14, 2024