Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Drupal Number Of NVD 254 CRITICAL 12 HIGH 57 MEDIUM 162 LOW 23
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v3
  • オープンソース
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
231 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 5 1
232 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 23 1
233 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 39 1
234 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 68 8
235 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 61 14
236 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 43 8
237 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 37 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
231 -
7.5
HIGH Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vecto… NVD-CWE-Other
CVE-2006-5476 cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drup…
2026-04-23 09:35
2006-10-25
Show GitHub Exploit DB Packet Storm
232 -
2.6
LOW Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. NVD-CWE-Other
CVE-2006-5477 cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drup…
2026-04-23 09:35
2006-10-25
Show GitHub Exploit DB Packet Storm
233 -
5.1
MEDIUM Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vec… NVD-CWE-Other
CVE-2006-4120 cpe:2.3:a:drupal:drupal:4.5:*
cpe:2.3:a:drupal:drupal:4.5.7:*
cpe:2.3:a:drupal:drupal:4.5.6:*
cpe:2.3:a:drupal…
4.6 2017-07-20 10:32
2006-08-15
Show GitHub Exploit DB Packet Storm
234 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: … NVD-CWE-Other
CVE-2006-4002 cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drup…
2017-07-20 10:32
2006-08-8
Show GitHub Exploit DB Packet Storm
235 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspeci… NVD-CWE-Other
CVE-2006-3570 cpe:2.3:a:drupal:drupal:4.7:*
cpe:2.3:a:drupal:drupal:4.6:*
2017-07-20 10:32
2006-07-13
Show GitHub Exploit DB Packet Storm
236 -
7.5
HIGH Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute ar… NVD-CWE-Other
CVE-2006-2831 cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drupal:drupal:4.6:*
cpe:2.3:a:drupal…
2018-10-19 01:43
2006-06-6
Show GitHub Exploit DB Packet Storm
237 -
2.6
LOW Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via th… NVD-CWE-Other
CVE-2006-2832 cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drupal:drupal:4.6:*
cpe:2.3:a:drupal…
2018-10-19 01:43
2006-06-6
Show GitHub Exploit DB Packet Storm
238 -
2.6
LOW Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated whe… NVD-CWE-Other
CVE-2006-2833 cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.6.8:*
2018-10-19 01:43
2006-06-6
Show GitHub Exploit DB Packet Storm
239 -
7.5
HIGH SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) da… NVD-CWE-Other
CVE-2006-2742 cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drupal:drupal:4.6:*
cpe:2.3:a:drupal:drupal:4.6.6:*
cpe:2.3:a:drupal…
2018-10-19 01:41
2006-06-1
Show GitHub Exploit DB Packet Storm
240 -
5.1
MEDIUM Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitra… NVD-CWE-Other
CVE-2006-2743 cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drupal:drupal:4.6:*
cpe:2.3:a:drupal:drupal:4.6.6:*
cpe:2.3:a:drupal…
2018-10-19 01:41
2006-06-1
Show GitHub Exploit DB Packet Storm