Software Detail
Drupal Number Of NVD 249 CRITICAL 12 HIGH 57 MEDIUM 158 LOW 22
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
111 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
112 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
113 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
114 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
115 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
116 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
117 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri Update date Published date
111 | CVSS3 8.1 | CVSS2 6.5 | HIGH | Attack Vector: Network
Title: The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unproces…
CWE: CWE-284 Improper Access Control
CVE: CVE-2016-3162
cpe23Uri: cpe:2.3:a:drupal:drupal:8.0.3:*, cpe:2.3:a:drupal:drupal:8.0.2:*, cpe:2.3:a:drupal:drupal:8.0.1:*, cpe:2.3:a:drup…
Update date: 2024-11-21 11:49 | Published date: 2016-04-13

112 | CVSS3 - | CVSS2 4.3 | MEDIUM
Title: Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script …
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2015-6665
cpe23Uri: cpe:2.3:a:drupal:drupal:7.x-dev:*, cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal…
Update date: 2024-11-21 11:35 | Published date: 2015-08-24

113 | CVSS3 - | CVSS2 5.0 | MEDIUM
Title: Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.
CWE: CWE-200 Information Exposure
CVE: CVE-2015-6661
cpe23Uri: cpe:2.3:a:drupal:drupal:7.x-dev:*, cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal…
Update date: 2024-11-21 11:35 | Published date: 2015-08-24

114 | CVSS3 - | CVSS2 6.8 | MEDIUM
Title: The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's acc…
CWE: CWE-352 Origin Validation Error
CVE: CVE-2015-6660
cpe23Uri: cpe:2.3:a:drupal:drupal:7.x-dev:*, cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal…
Update date: 2024-11-21 11:35 | Published date: 2015-08-24

115 | CVSS3 - | CVSS2 7.5 | HIGH
Title: SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
CWE: CWE-89 SQL Injection
CVE: CVE-2015-6659
cpe23Uri: cpe:2.3:a:drupal:drupal:7.x-dev:*, cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal…
Update date: 2024-11-21 11:35 | Published date: 2015-08-24

116 | CVSS3 - | CVSS2 4.3 | MEDIUM
Title: Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, rel…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2015-6658
cpe23Uri: cpe:2.3:a:drupal:drupal:7.x-dev:*, cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal…
Update date: 2024-11-21 11:35 | Published date: 2015-08-24

117 | CVSS3 - | CVSS2 4.3 | MEDIUM
Title: The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by t…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2015-3234
cpe23Uri: cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal:drupal:7.7:*, cpe:2.3:a:drupal:dru…
Update date: 2024-11-21 11:28 | Published date: 2015-06-23

118 | CVSS3 - | CVSS2 5.8 | MEDIUM
Title: Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CWE: NVD-CWE-Other
CVE: CVE-2015-3233
cpe23Uri: cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal:drupal:7.7:*, cpe:2.3:a:drupal:dru…
Update date: 2024-11-21 11:28 | Published date: 2015-06-23

119 | CVSS3 - | CVSS2 5.8 | MEDIUM
Title: Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination…
CWE: NVD-CWE-Other
CVE: CVE-2015-3232
cpe23Uri: cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal:drupal:7.7:*, cpe:2.3:a:drupal:dru…
Update date: 2024-11-21 11:28 | Published date: 2015-06-23

120 | CVSS3 - | CVSS2 4.0 | MEDIUM
Title: The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
CWE: CWE-200 Information Exposure
CVE: CVE-2015-3231
cpe23Uri: cpe:2.3:a:drupal:drupal:7.9:*, cpe:2.3:a:drupal:drupal:7.8:*, cpe:2.3:a:drupal:drupal:7.7:*, cpe:2.3:a:drupal:dru…
Update date: 2024-11-21 11:28 | Published date: 2015-06-23