Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-13272— Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13272

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1220
Source: NVD (National Vulnerability Database)
Vulnerability Title
Drupal 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。 Drupal Paragraphs table 1.23.0版本之前,2.0.0版本到2.0.2版本存在安全漏洞,该漏洞源于访问控制漏洞粒度不足。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
DrupalParagraphs table 0.0.0 ~ 1.23.0 -

II. Public POCs for CVE-2024-13272

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-13272

登录查看更多情报信息。

Same Patch Batch · Drupal · 2025-01-09 · 74 CVEs total

CVE-2024-13263Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
CVE-2024-13243Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007
CVE-2024-13255RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
CVE-2024-13256Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020
CVE-2024-13257Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021
CVE-2024-13258Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2
CVE-2024-13259Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023
CVE-2024-13260Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-202
CVE-2024-13261Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONT
CVE-2024-13262View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
CVE-2024-13254REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018
CVE-2024-13264Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028
CVE-2024-13265Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
CVE-2024-13266Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030
CVE-2024-13267Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-03
CVE-2024-13268Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032
CVE-2024-13269Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033
CVE-2024-13270Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
CVE-2024-13271Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035
CVE-2024-13273Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2

Showing top 20 of 74 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Paragraphs table
Same vendor: Drupal
Same weakness: CWE-1220

V. Comments for CVE-2024-13272

No comments yet

Leave a comment