Drupal security advisory-CVE-2020-13671

February 10, 2022

NAME

DrupalDrupal

  • Platforms Affected:
    Drupal

  • Risk Level:
    low

  • CVE Type:
    Unrestricted file upload

DESCRIPTION

CVE-2020-13671 is an unrestricted file upload vulnerability impacting Drupal versions 7.0 through 7.73, 8.8 through 8.8.10, 8.9 through 8.9.8, and 9.0 through 9.0.7. A proof of concept (PoC) was not observed publicly or in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 6.5
  • CVSS 3.0 SCORE: 8.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:


  • PoC Link:

MITIGATION

Drupal addressed the vulnerability in a security advisory with updated versions.

  • Reference Link:
    https://www.drupal.org/sa-core-2020-012

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

CISA Logo

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

November 23, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

November 23, 2024
CISA Logo

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

November 23, 2024
CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 23, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

November 23, 2024