Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925)

Description

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Remediation

References

Related Vulnerabilities

WordPress Plugin CMP-Coming Soon & Maintenance by NiteoThemes Security Bypass (3.8.1)

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3394)

WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)

WordPress Plugin Parcel Tracker eCourier Cross-Site Request Forgery (1.0.1)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3169)

Severity

Critical

Classification

CVE-2017-6925 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities