Description

Drupal Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to bypass certain security restrictions and perform otherwise restricted actions. Drupal Core version 8.8.0 is vulnerable.

Remediation

Update to Drupal Core version 8.8.1 or latest

References

https://www.aon.com/cyber-solutions/aon_cyber_labs/file-upload-vulnerability-in-drupal8/

https://www.drupal.org/sa-core-2019-010

Related Vulnerabilities

PHP POST file upload buffer overflow vulnerabilities

WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0)

WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1)

WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2)

WordPress Plugin WooCommerce Cross-Site Request Forgery (2.2.2)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Authentication Bypass