Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-13674

EPSS 0.14% · P34
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-13674

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Drupal QuickEdit module 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。 Drupal QuickEdit module 存在跨站请求伪造漏洞,远程攻击者可以欺骗受害者访问特制网页并代表受害者在易受攻击的网站上执行任意操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
DrupalCore 9.2 ~ 9.2.6 -

II. Public POCs for CVE-2020-13674

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-13674

登录查看更多情报信息。

Same Patch Batch · Drupal · 2022-02-11 · 9 CVEs total

CVE-2020-13677Drupal 安全漏洞
CVE-2020-13676Drupal 访问控制错误漏洞
CVE-2020-13670Drupal core 信息泄露漏洞
CVE-2020-13675Drupal 代码问题漏洞
CVE-2020-13673Drupal 跨站脚本漏洞
CVE-2020-13672Drupal跨站脚本漏洞
CVE-2020-13669Drupal core 跨站脚本漏洞
CVE-2020-13668Access bypass in Drupal Core 8/9

IV. Related Vulnerabilities

Same product: Core
Same vendor: Drupal
Same weakness: CWE-352

V. Comments for CVE-2020-13674

No comments yet

Leave a comment