Software Detail
Drupal: Number Of NVD 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
141 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
142 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
143 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
144 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
145 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
146 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
147 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date Exploit PoC
141 -
6.8
MEDIUM Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in… CWE-310
Cryptographic Issues
CVE-2013-6386 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:59
2013-12-8
142 -
5.1
MEDIUM The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att… CWE-94
Code Injection
CVE-2013-6385 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:59
2013-12-8
143 -
3.5
LOW The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields vi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-0827 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:35
2013-10-29
144 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for … CWE-352
Origin Validation Error
CVE-2012-0826 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:35
2013-10-29
145 -
6.8
MEDIUM Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det… CWE-200
Information Exposure
CVE-2012-0825 cpe:2.3:a:drupal:drupal:7.x:dev
cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drup…
2024-11-21 10:35
2013-10-29
146 -
4.3
MEDIUM The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of othe… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-0246 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:47
2013-07-17
147 -
2.1
LOW The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows rem… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-0245 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:47
2013-07-17
148 -
5.0
MEDIUM The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. CWE-399
Resource Management Errors
CVE-2013-0316 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:47
2013-03-28
149 -
6.0
MEDIUM The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file nam… CWE-20
Improper Input Validation
CVE-2012-5653 cpe:2.3:a:drupal:drupal:7.x-dev:*
cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal…
2024-11-21 10:45
2013-01-3
150 -
5.0
MEDIUM Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. CWE-200
Information Exposure
CVE-2012-5652 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 10:45
2013-01-3