Software Detail
Drupal
Number of NVD: 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL: https://www.drupal.org/
Explanation: Drupal is an open source Content Management System (CMS). Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
131 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
132 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
133 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
134 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
135 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
136 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
137 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
131 -
4.9
MEDIUM The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read … CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-5020 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 11:11
2014-07-22
132 -
5.0
MEDIUM The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration fil… CWE-20
Improper Input Validation
CVE-2014-5019 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 11:11
2014-07-22
133 -
5.0
MEDIUM Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input informati… CWE-200
Information Exposure
CVE-2014-2983 cpe:2.3:a:drupal:drupal:*:* 7.0 or higher, less than 7.27; 6.0 or higher, less than 6.31
2024-11-21 11:07
2014-04-24
134 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: thi… CWE-79
Cross-site Scripting
CVE-2014-1607 cpe:2.3:a:drupal:drupal:7.14:* 2024-11-21 11:04
2014-01-27
135 -
4.0
MEDIUM The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to ob… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1476 cpe:2.3:a:drupal:drupal:7.2:*
cpe:2.3:a:drupal:drupal:7.24:*
cpe:2.3:a:drupal:drupal:7.23:*
cpe:2.3:a:drupal:d…
2024-11-21 11:04
2014-01-25
136 -
7.5
HIGH The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. NVD-CWE-noinfo
CVE-2014-1475 cpe:2.3:a:drupal:drupal:7.2:*
cpe:2.3:a:drupal:drupal:7.24:*
cpe:2.3:a:drupal:drupal:7.23:*
cpe:2.3:a:drupal:d…
2024-11-21 11:04
2014-01-25
137 -
2.6
LOW Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inj… CWE-79
Cross-site Scripting
CVE-2013-0244 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:47
2014-01-20
138 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. CWE-79
Cross-site Scripting
CVE-2013-6388 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:59
2013-12-25
139 -
2.1
LOW Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri… CWE-79
Cross-site Scripting
CVE-2013-6387 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:59
2013-12-25
140 -
5.8
MEDIUM Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. CWE-20
Improper Input Validation
CVE-2013-6389 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:59
2013-12-08