vulnerability
Drupal: CVE-2020-13664: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 06/18/2020 | 06/18/2020 | 05/17/2021 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
06/18/2020
Added
06/18/2020
Modified
05/17/2021
Description
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
Solution(s)
drupal-upgrade-8_8_8drupal-upgrade-8_9_1drupal-upgrade-9_0_1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.