Software Detail

Software Informaton Top

CMS

Software Detail

Drupal

Number Of NVD

249

CRITICAL

HIGH

MEDIUM

158

LOW

URL	https://www.drupal.org/
Explanation	Drupal is an open source Content Management System (CMS). Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag	GPL v2 GPL v3 オープンソース

Add Information URL

No	Type	Name	URL
1			https://www.drupal.org/download
2			https://www.drupal.org/project/drupal/releases
3			https://github.com/drupal/drupal
4			https://www.drupal.org/about/drupal6-eol
5			https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
151	Drupal 10	10.6.0-beta1	Nov. 25, 2025	Dec. 15, 2022		1	1	1	0
152	Drupal 9	9.5.11	Sept. 20, 2023	June 3, 2020		3	20	19	0
153	Drupal 8	8.9.20	Nov. 17, 2021	June 3, 2020	Nov. 30, 2021	11	29	35	0
154	Drupal 7	7.103	Dec. 4, 2024	Jan. 5, 2011	Nov. 30, 2021	4	18	64	7
155	Drupal 6	6.38	Feb. 24, 2016	Feb. 13, 2008	Feb. 24, 2016	2	10	57	13
156	Drupal 5	5.23	Aug. 11, 2010	Jan. 15, 2007	Jan. 6, 2011	1	5	39	7
157	Drupal 4	4.7.11	Jan. 10, 2008	June 15, 2002	Jan. 1, 1900	1	7	33	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
151	- 5.0	MEDIUM	Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5651	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:45 2013-01-3	Show	GitHub Exploit DB Packet Storm

152	- 5.0	MEDIUM	The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-4554	cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal:drupal:7.7:* cpe:2.3:a:drupal:dru…		2024-11-21 10:43 2012-11-11	Show	GitHub Exploit DB Packet Storm

153	- 6.8	MEDIUM	Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient con…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-4553	cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal:drupal:7.7:* cpe:2.3:a:drupal:dru…		2024-11-21 10:43 2012-11-11	Show	GitHub Exploit DB Packet Storm

154	- 4.0	MEDIUM	Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overvie…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-2153	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:38 2012-10-1	Show	GitHub Exploit DB Packet Storm

155	- 5.0	MEDIUM	The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-1591	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:37 2012-10-1	Show	GitHub Exploit DB Packet Storm

156	- 4.0	MEDIUM	The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-1590	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:37 2012-10-1	Show	GitHub Exploit DB Packet Storm

157	- 3.5	LOW	Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain r…	CWE-399 Resource Management Errors	CVE-2012-1588	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:37 2012-10-1	Show	GitHub Exploit DB Packet Storm

158	- 7.5	HIGH	SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQL Injection	CVE-2012-2306	cpe:2.3:a:drupal:drupal:-:*		2024-11-21 10:38 2012-07-26	Show	GitHub Exploit DB Packet Storm

159	- 5.0	MEDIUM	The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati…	CWE-200 Information Exposure	CVE-2012-2922	cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal:drupal:7.7:* cpe:2.3:a:drupal:dru…	7.14	2024-11-21 10:39 2012-05-22	Show	GitHub Exploit DB Packet Storm

160	- 5.8	MEDIUM	Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destina…	CWE-20 Improper Input Validation	CVE-2012-1589	cpe:2.3:a:drupal:drupal:7.x-dev:* cpe:2.3:a:drupal:drupal:7.9:* cpe:2.3:a:drupal:drupal:7.8:* cpe:2.3:a:drupal…		2024-11-21 10:37 2012-05-19	Show	GitHub Exploit DB Packet Storm