cnvd - cnvd-2020-64563

cnvd-2020-64563

Vulnerability from cnvd

Title: Drupal远程代码执行漏洞（CNVD-2020-64563）

Description:

Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。

Drupal存在远程代码执行漏洞。该漏洞是由于Drupal core未能正确地处理上传文件中的某些文件名，攻击者可利用漏洞通过上传恶意文件，在某些特定的配置下可能会被当作php解析，从而导致远程代码执行。

Severity: 高

Patch Name: Drupal远程代码执行漏洞（CNVD-2020-64563）的补丁

Patch Description:

Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。

Drupal存在远程代码执行漏洞。该漏洞是由于Drupal core未能正确地处理上传文件中的某些文件名，攻击者可利用漏洞通过上传恶意文件，在某些特定的配置下可能会被当作php解析，从而导致远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://www.drupal.org/sa-core-2020-012

Reference: https://www.drupal.org/sa-core-2020-012

Impacted products

Name
['Drupal Drupal 9.0.8', 'Drupal Drupal 8.9.9', 'Drupal Drupal 8.8.11', 'Drupal Drupal 7.7.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-13671"
    }
  },
  "description": "Drupal\u662fDrupal\u793e\u533a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\n\nDrupal\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDrupal core\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u4e0a\u4f20\u6587\u4ef6\u4e2d\u7684\u67d0\u4e9b\u6587\u4ef6\u540d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u5728\u67d0\u4e9b\u7279\u5b9a\u7684\u914d\u7f6e\u4e0b\u53ef\u80fd\u4f1a\u88ab\u5f53\u4f5cphp\u89e3\u6790\uff0c\u4ece\u800c\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.drupal.org/sa-core-2020-012",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-64563",
  "openTime": "2020-11-19",
  "patchDescription": "Drupal\u662fDrupal\u793e\u533a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDrupal core\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u4e0a\u4f20\u6587\u4ef6\u4e2d\u7684\u67d0\u4e9b\u6587\u4ef6\u540d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u5728\u67d0\u4e9b\u7279\u5b9a\u7684\u914d\u7f6e\u4e0b\u53ef\u80fd\u4f1a\u88ab\u5f53\u4f5cphp\u89e3\u6790\uff0c\u4ece\u800c\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Drupal\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-64563\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Drupal Drupal 9.0.8",
      "Drupal Drupal 8.9.9",
      "Drupal Drupal 8.8.11",
      "Drupal Drupal 7.7.4"
    ]
  },
  "referenceLink": "https://www.drupal.org/sa-core-2020-012",
  "serverity": "\u9ad8",
  "submitTime": "2020-11-19",
  "title": "Drupal\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-64563\uff09"
}

CVE-2020-13671 (GCVE-0-2020-13671)

Vulnerability from cvelistv5

Published

2020-11-20 15:40

Modified

2025-07-30 01:45

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Remote code execution

Summary

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.

References

▼	URL	Tags
	https://www.drupal.org/sa-core-2020-012	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	Drupal	Drupal Core	Version: 9.0 versions prior to 9.0.8 Version: 8.9 versions prior to 8.9.9 Version: 8.8 versions prior to 8.8.11 Version: 7 versions prior to 7.74

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2020-012"
          },
          {
            "name": "FEDORA-2020-6f1079934c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
          },
          {
            "name": "FEDORA-2020-d50d74d6f2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-13671",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:38:31.133573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-01-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:45:31.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-18T00:00:00+00:00",
            "value": "CVE-2020-13671 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drupal Core",
          "vendor": "Drupal",
          "versions": [
            {
              "status": "affected",
              "version": "9.0 versions prior to 9.0.8"
            },
            {
              "status": "affected",
              "version": "8.9 versions prior to 8.9.9"
            },
            {
              "status": "affected",
              "version": "8.8 versions prior to 8.8.11"
            },
            {
              "status": "affected",
              "version": "7 versions prior to 7.74"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T03:06:07.000Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/sa-core-2020-012"
        },
        {
          "name": "FEDORA-2020-6f1079934c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
        },
        {
          "name": "FEDORA-2020-d50d74d6f2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@drupal.org",
          "ID": "CVE-2020-13671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drupal Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0 versions prior to 9.0.8"
                          },
                          {
                            "version_value": "8.9 versions prior to 8.9.9"
                          },
                          {
                            "version_value": "8.8 versions prior to 8.8.11"
                          },
                          {
                            "version_value": "7 versions prior to 7.74"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Drupal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/sa-core-2020-012",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/sa-core-2020-012"
            },
            {
              "name": "FEDORA-2020-6f1079934c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/"
            },
            {
              "name": "FEDORA-2020-d50d74d6f2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2020-13671",
    "datePublished": "2020-11-20T15:40:39.000Z",
    "dateReserved": "2020-05-28T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:45:31.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted