Drupal : Security Vulnerabilities, CVEs, Published In 2013 (Information Leak)
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
Max CVSS
5.0
EPSS Score
0.66%
Published
2013-01-03
Updated
2017-08-29
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Max CVSS
6.8
EPSS Score
0.39%
Published
2013-10-28
Updated
2014-03-08
2 vulnerabilities found