FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal Core - Multiple Vulnerabilities

Affected packages
drupal7 < 7.60
drupal8 < 8.6.2

Details

VuXML ID 140a14b5-d615-11e8-b3cb-00e04c1ea73d
Discovery 2018-10-17
Entry 2018-10-22
Modified 2018-11-04

Drupal Security Team reports:

The path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url. The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

References

URL https://www.drupal.org/SA-CORE-2018-006