Description

Drupal Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Drupal Core version 8.7.0 is vulnerable.

Remediation

Update to Drupal Core version 8.7.1 or latest

References

https://typo3.org/security/advisory/typo3-psa-2019-007/

https://www.drupal.org/sa-core-2019-007

Related Vulnerabilities

FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)

WordPress Plugin Bliss Gallery Arbitrary File Upload (2.3)

WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6)

WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (1.5.5)

WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)

Severity

High

Classification

CVE-2019-11831 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Directory Traversal