All vulnerabilities
CVE-2020-13671
Drupal core Un-restricted Upload of File
Drupal — Drupal core
- Added to KEV catalog
- 18 January 2022
- Federal remediation due date
- 18 July 2022
- Weakness classification (CWE)
- CWE-434
CISA Description
Improper sanitization in the extension file names is present in Drupal core.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-13671
More Drupal Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services