Search for packages
Package details: pkg:composer/drupal/drupal@6.0.0
purl pkg:composer/drupal/drupal@6.0.0
Tags Ghost
Next non-vulnerable version 10.2.11
Latest non-vulnerable version 11.0.8
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-35sf-urkm-aaah
Aliases:
CVE-2016-3165
GHSA-4gh5-3hqj-x3pj
Improper Access Control The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition.
6.38.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-8r44-x4sp-aaaa
Aliases:
CVE-2016-3171
GHSA-69g8-g9jq-74v7
Session data truncation can lead to unserialization of user provided data Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
6.38.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-b5ph-7tjf-aaaj
Aliases:
CVE-2016-3166
GHSA-fg5q-r2q5-qmh3
HTTP header injection using line breaks CRLF injection vulnerability in the `drupal_set_header` function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
6.38.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-d5b5-6j54-aaas
Aliases:
CVE-2016-3164
GHSA-836p-6p4j-35cg
Open redirect via path manipulation Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.
6.38.0
Affected by 0 other vulnerabilities.
7.43.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-exc6-n24q-aaaf
Aliases:
CVE-2016-3163
GHSA-h3r9-pjmr-f938
Brute force amplification attacks via XML-RPC The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.
6.38.0
Affected by 0 other vulnerabilities.
7.43.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-kh5t-hdk1-aaas
Aliases:
CVE-2010-3094
GHSA-pjmx-4gc6-hwv8
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
6.18.0
Affected by 0 other vulnerabilities.
VCID-n1bk-upb2-aaag
Aliases:
CVE-2016-3167
GHSA-gxwx-c7m8-f95h
Open redirect via double-encoded 'destination' parameter Open redirect vulnerability in the `drupal_goto` function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the `destination` parameter.
6.38.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-n4xy-1371-aaab
Aliases:
CVE-2016-3168
GHSA-qqxc-cppg-4xp8
Reflected file download vulnerability The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.
6.38.0
Affected by 0 other vulnerabilities.
7.43.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
VCID-x47f-8bvj-aaab
Aliases:
CVE-2008-3218
GHSA-6cj8-c359-p7q9
drupal: multiple security issues in < 6.3,5.8/5.9 (SA-2008-044,SA-2008-046 - CVE-2008-3218, CVE-2008-3219, CVE-2008-3220, CVE-2008-3221, CVE-2008-3222, CVE-2008-3223)
6.3.0
Affected by 0 other vulnerabilities.
VCID-y9vf-63fm-aaad
Aliases:
CVE-2016-3169
GHSA-q3p9-8728-wq7x
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.
6.38.0
Affected by 0 other vulnerabilities.
7.43.0
Affected by 0 other vulnerabilities.
8.0.4
Affected by 71 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:34:43.100505+00:00 GitLab Importer Affected by VCID-x47f-8bvj-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2008-3218.yml 34.0.1
2024-09-17T22:34:40.327469+00:00 GitLab Importer Affected by VCID-kh5t-hdk1-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2010-3094.yml 34.0.1
2024-09-17T22:09:56.206082+00:00 GHSA Importer Affected by VCID-d5b5-6j54-aaas https://github.com/advisories/GHSA-836p-6p4j-35cg 34.0.1
2024-09-17T22:09:04.430545+00:00 GHSA Importer Affected by VCID-kh5t-hdk1-aaas https://github.com/advisories/GHSA-pjmx-4gc6-hwv8 34.0.1
2024-09-17T22:08:59.568467+00:00 GHSA Importer Affected by VCID-x47f-8bvj-aaab https://github.com/advisories/GHSA-6cj8-c359-p7q9 34.0.1
2024-09-17T22:08:42.905622+00:00 GHSA Importer Affected by VCID-n4xy-1371-aaab https://github.com/advisories/GHSA-qqxc-cppg-4xp8 34.0.1
2024-09-17T22:08:42.487535+00:00 GHSA Importer Affected by VCID-y9vf-63fm-aaad https://github.com/advisories/GHSA-q3p9-8728-wq7x 34.0.1
2024-09-17T22:08:41.163314+00:00 GHSA Importer Affected by VCID-8r44-x4sp-aaaa https://github.com/advisories/GHSA-69g8-g9jq-74v7 34.0.1
2024-09-17T22:08:41.012693+00:00 GHSA Importer Affected by VCID-n1bk-upb2-aaag https://github.com/advisories/GHSA-gxwx-c7m8-f95h 34.0.1
2024-09-17T22:08:40.791776+00:00 GHSA Importer Affected by VCID-exc6-n24q-aaaf https://github.com/advisories/GHSA-h3r9-pjmr-f938 34.0.1
2024-09-17T22:08:40.723095+00:00 GHSA Importer Affected by VCID-35sf-urkm-aaah https://github.com/advisories/GHSA-4gh5-3hqj-x3pj 34.0.1
2024-09-17T22:08:40.654008+00:00 GHSA Importer Affected by VCID-b5ph-7tjf-aaaj https://github.com/advisories/GHSA-fg5q-r2q5-qmh3 34.0.1
2024-05-03T07:48:54.487169+00:00 GHSA Importer Affected by VCID-exc6-n24q-aaaf https://github.com/advisories/GHSA-h3r9-pjmr-f938 34.0.0rc4
2024-04-23T23:49:19.161124+00:00 GHSA Importer Affected by VCID-8r44-x4sp-aaaa https://github.com/advisories/GHSA-69g8-g9jq-74v7 34.0.0rc4
2024-04-23T23:49:19.017305+00:00 GHSA Importer Affected by VCID-n1bk-upb2-aaag https://github.com/advisories/GHSA-gxwx-c7m8-f95h 34.0.0rc4
2024-04-23T23:49:18.868180+00:00 GHSA Importer Affected by VCID-35sf-urkm-aaah https://github.com/advisories/GHSA-4gh5-3hqj-x3pj 34.0.0rc4
2024-04-23T23:49:18.794284+00:00 GHSA Importer Affected by VCID-b5ph-7tjf-aaaj https://github.com/advisories/GHSA-fg5q-r2q5-qmh3 34.0.0rc4
2024-04-23T17:40:51.941596+00:00 GHSA Importer Affected by VCID-n4xy-1371-aaab https://github.com/advisories/GHSA-qqxc-cppg-4xp8 34.0.0rc4
2024-04-23T17:40:51.532059+00:00 GHSA Importer Affected by VCID-y9vf-63fm-aaad https://github.com/advisories/GHSA-q3p9-8728-wq7x 34.0.0rc4
2024-02-13T15:59:39.890315+00:00 GitLab Importer Affected by VCID-x47f-8bvj-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2008-3218.yml 34.0.0rc2
2024-02-10T15:38:45.934088+00:00 GitLab Importer Affected by VCID-kh5t-hdk1-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2010-3094.yml 34.0.0rc2
2024-02-09T20:11:09.345873+00:00 GHSA Importer Affected by VCID-x47f-8bvj-aaab https://github.com/advisories/GHSA-6cj8-c359-p7q9 34.0.0rc2
2024-02-08T16:25:18.528683+00:00 GHSA Importer Affected by VCID-kh5t-hdk1-aaas https://github.com/advisories/GHSA-pjmx-4gc6-hwv8 34.0.0rc2
2024-02-06T12:22:50.705308+00:00 GHSA Importer Affected by VCID-d5b5-6j54-aaas https://github.com/advisories/GHSA-836p-6p4j-35cg 34.0.0rc2
2024-01-03T17:41:47.285046+00:00 GHSA Importer Affected by VCID-d5b5-6j54-aaas https://github.com/advisories/GHSA-836p-6p4j-35cg 34.0.0rc1