Lucene search
Veracode Vulnerability DatabaseVERACODE:36622HistoryAug 08, 2022 - 3:19 a.m.
Remote Code Execution
2022-08-0803:19:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
drupal/core
remote code execution
bypass protections
sanitizename function
.htaccess extension
upload malicious code
system under attack
software
0.002 Low
EPSS
Percentile
56.3%
drupal/core is vulnerable to remote code execution. A remote attacker is able to bypass protections provided in sanitizeName function because the filenames with .htaccess extension are not properly sanitized, which allows the attacker to upload and execute malicious code on the system under attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | le | 9.4.2 | |
| drupal/core | le | 9.3.18 | |
| drupal/core | le | 9.2.21 | |
| drupal/core | le | 10.0.0-alpha6 | |
| drupal/core | le | 9.4.2 | |
| drupal/core | le | 9.3.18 | |
| drupal/core | le | 9.2.21 | |
| drupal/core | le | 10.0.0-alpha6 |
Related
osv
osv
CVE-2022-25277
2023-04-26 15:15:08
BIT-drupal-2022-25277
2024-03-06 10:52:46
Drupal core arbitrary PHP code execution
2022-08-06 09:33:38
prion
prion
Remote code execution
2023-04-26 15:15:00
openvas
openvas
Drupal RCE Vulnerability (SA-CORE-2022-014) - Linux
2022-07-25 00:00:00
Drupal RCE Vulnerability (SA-CORE-2022-014) - Windows
2022-07-25 00:00:00
nvd
nvd
CVE-2022-25277
2023-04-26 15:15:08
ubuntucve
ubuntucve
CVE-2022-25277
2023-04-26 00:00:00
drupal
drupal
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
2022-07-20 00:00:00
cve
cve
CVE-2022-25277
2023-04-26 15:15:08
friendsofphp
friendsofphp
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
2022-07-20 18:00:00
cvelist
cvelist
CVE-2022-25277
2023-04-26 00:00:00
github
github
Drupal core arbitrary PHP code execution
2022-08-06 09:33:38
nessus
nessus