CVE-2022-25273
Published 2023-04-26
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.57% (42.8th percentile)
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 8.0.0 < 9.2.18 | 9.2.18 |
| drupal | core | >= 9.2 < 9.2.18 | 9.2.18 |
| drupal | core | >= 9.3 < 9.3.12 | 9.3.12 |
| drupal | core | >= 9.3.0 < 9.3.12 | 9.3.12 |
| drupal | drupal | >= 8.0.0 < 9.2.18 | 9.2.18 |
| drupal | drupal | >= 9.3.0 < 9.3.12 | 9.3.12 |
| drupal | drupal_core | — | — |
CVSS provenance
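| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | — | 7.5 | HIGH | — |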
GHSA
Improper input validation in Drupal core
ghsa·2023-04-26
CVE-2022-25273 [HIGH] CWE-20 Improper input validation in Drupal core
Drupal 7 is not affected.
OSV
CVE-2022-25273: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation
osv·2023-04-26·CVSS 7.5
CVE-2022-25273 [HIGH]
OSV
Improper input validation in Drupal core
osv·2023-04-26
CVE-2022-25273 [HIGH] Improper input validation in Drupal core
Drupal 7 is not affected.
OSV
CVE-2022-25273: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation
osv·2022-04-20
We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms.
This advisory is not covered by [Drupal Steward](/steward).
Drupal
Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008
vendor_drupal·2022-04-20
CVE-2022-25273 [MEDIUM] Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008
Title: Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008
Vulnerability Type: Improper input validation
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms. This advisory is not covered by Drupal Steward.
Solution: Install the latest version: If you are using Drupal 9.3, update to Drupal 9.3.12. If you are using Drupal 9.2, u