Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-13664

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
Products affected by CVE-2020-13664
  • Drupal » Drupal » Version: 8.8.0
    cpe:2.3:a:drupal:drupal:8.8.0
  • Drupal » Drupal » Version: 8.8.1
    cpe:2.3:a:drupal:drupal:8.8.1
  • Drupal » Drupal » Version: 8.8.2
    cpe:2.3:a:drupal:drupal:8.8.2
  • Drupal » Drupal » Version: 8.8.3
    cpe:2.3:a:drupal:drupal:8.8.3
  • Drupal » Drupal » Version: 8.8.4
    cpe:2.3:a:drupal:drupal:8.8.4
  • Drupal » Drupal » Version: 8.8.5
    cpe:2.3:a:drupal:drupal:8.8.5
  • Drupal » Drupal » Version: 8.8.6
    cpe:2.3:a:drupal:drupal:8.8.6
  • Drupal » Drupal » Version: 8.8.7
    cpe:2.3:a:drupal:drupal:8.8.7
  • Drupal » Drupal » Version: 8.9.0
    cpe:2.3:a:drupal:drupal:8.9.0
  • Drupal » Drupal » Version: 9.0.0
    cpe:2.3:a:drupal:drupal:9.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved