vulnerability
FreeBSD: VID-140a14b5-d615-11e8-b3cb-00e04c1ea73d: drupal -- Drupal Core - Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Oct 22, 2018 | Oct 23, 2018 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Oct 22, 2018
Added
Oct 23, 2018
Modified
Dec 10, 2025
Description
Drupal Security Team reports: he path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.The issue is mitigated by the fact that the user needs the administer paths permission to exploit. When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.
Solutions
freebsd-upgrade-package-drupal7freebsd-upgrade-package-drupal8
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.