Software Detail
Drupal
Number Of NVD: 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
161 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
162 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
163 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
164 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
165 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
166 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
167 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date Exploit PoC
161 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout … CWE-352
 Origin Validation Error
CVE-2007-6752 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
7.12 2024-11-21 09:40
2012-03-28
162 -
5.0
MEDIUM Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/… CWE-200
Information Exposure
CVE-2011-3730 cpe:2.3:a:drupal:drupal:7.0:* 2024-11-21 10:31
2011-09-24
163 -
7.5
HIGH Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-2687 cpe:2.3:a:drupal:drupal:7.2:*
cpe:2.3:a:drupal:drupal:7.1:*
cpe:2.3:a:drupal:drupal:7.0:rc4
cpe:2.3:a:drupal:d…
2024-11-21 10:28
2011-07-27
164 -
5.0
MEDIUM The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attacker… CWE-287
Improper Authentication
CVE-2010-3686 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:19
2010-09-30
165 -
5.0
MEDIUM The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which all… CWE-287
Improper Authentication
CVE-2010-3685 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:19
2010-09-30
166 -
5.0
MEDIUM The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote att… CWE-287
Improper Authentication
CVE-2010-3091 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:18
2010-09-30
167 -
2.1
LOW Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action descrip… CWE-79
Cross-site Scripting
CVE-2010-3094 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:18
2010-09-22
168 -
3.5
LOW The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a … CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-3093 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:18
2010-09-22
169 -
5.5
MEDIUM The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to by… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-3092 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:18
2010-09-22
170 -
3.5
LOW Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "a… CWE-79
Cross-site Scripting
CVE-2009-4371 cpe:2.3:a:drupal:drupal:6.15:*
cpe:2.3:a:drupal:drupal:6.14:*
2026-04-23 09:35
2009-12-22