Software Detail
Drupal Number of NVD: 249 (CRITICAL: 12, HIGH: 57, MEDIUM: 158, LOW: 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v3
  • Open source
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List of Products
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
201 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
202 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
203 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
204 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
205 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
206 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
207 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
201 -
7.5
HIGH SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fie… CWE-89
SQL Injection
CVE-2008-3223 cpe:2.3:a:drupal:drupal:*:* 6.0 6.3 2026-04-23 09:35
2008-07-19
202 -
7.5
HIGH Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection
CVE-2008-2999 cpe:2.3:a:drupal:drupal:5.7:*
cpe:2.3:a:drupal:drupal:5.5.:*
cpe:2.3:a:drupal:drupal:5.4:*
cpe:2.3:a:drupal:dr…
2026-04-23 09:35
2008-07-4
203 -
5.0
MEDIUM The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass res… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-2771 cpe:2.3:a:drupal:drupal:6.0:*
cpe:2.3:a:drupal:drupal:5.0:*
2026-04-23 09:35
2008-06-19
204 -
5.8
MEDIUM The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker a… NVD-CWE-noinfo
CVE-2008-1729 cpe:2.3:a:drupal:drupal:*:* 6.0 6.2 2026-04-23 09:35
2008-04-12
205 -
4.3
MEDIUM The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. CWE-79
Cross-site Scripting
CVE-2008-1133 cpe:2.3:a:drupal:drupal:6.0:* 2026-04-23 09:35
2008-03-5
206 -
3.5
LOW Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. CWE-79
Cross-site Scripting
CVE-2008-1131 cpe:2.3:a:drupal:drupal:6.0:* 2026-04-23 09:35
2008-03-4
207 -
4.3
MEDIUM Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. CWE-352
Origin Validation Error
CVE-2008-0272 cpe:2.3:a:drupal:drupal:5.5.:*
cpe:2.3:a:drupal:drupal:5.4:*
cpe:2.3:a:drupal:drupal:5.3:*
cpe:2.3:a:drupal:dr…
2026-04-23 09:35
2008-01-16
208 -
4.3
MEDIUM Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byt… CWE-79
Cross-site Scripting
CVE-2008-0273 cpe:2.3:a:drupal:drupal:5.5.:*
cpe:2.3:a:drupal:drupal:5.4:*
cpe:2.3:a:drupal:drupal:5.3:*
cpe:2.3:a:drupal:dr…
2026-04-23 09:35
2008-01-16
209 -
2.6
LOW Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links inv… CWE-79
Cross-site Scripting
CVE-2008-0274 cpe:2.3:a:drupal:drupal:5.0:*
cpe:2.3:a:drupal:drupal:4.7:*
2026-04-23 09:35
2008-01-16
210 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping … CWE-79
Cross-site Scripting
CVE-2008-0276 cpe:2.3:a:drupal:drupal:5.5.:*
cpe:2.3:a:drupal:drupal:5.4:*
cpe:2.3:a:drupal:drupal:5.3:*
cpe:2.3:a:drupal:dr…
2026-04-23 09:35
2008-01-16