Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Core 8.7.0 Directory Traversal (8.7.0)

Description

Drupal Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Drupal Core version 8.7.0 is vulnerable.

Remediation

Update to Drupal Core version 8.7.1 or latest

References

https://typo3.org/security/advisory/typo3-psa-2019-007/

https://www.drupal.org/sa-core-2019-007

Related Vulnerabilities

WebLogic CVE-2020-2550 Vulnerability (CVE-2020-2550)

MySQL CVE-2020-14576 Vulnerability (CVE-2020-14576)

Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)

Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-62397)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27493)

Severity

High

Classification

CVE-2019-11831 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Directory Traversal