CVE-2024-11942

CWE-3907 documents5 sources
Severity
5.9MEDIUM
EPSS
1.6%
top 18.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal Drupal CoreDrupal DrupalDrupal Core
Timeline
PublishedDec 5

Description

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Packagistdrupal/core10.0.010.2.10
CVEListV5drupal/drupal_core10.0.010.2.10
NVDdrupal/drupal10.0.010.2.10

🔴Vulnerability Details

5
GHSA
Drupal core vulnerable to improper error handling2024-12-05
OSV
Drupal core vulnerable to improper error handling2024-12-05
CVEList
Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-0022024-12-05
OSV
CVE-2024-11942: A vulnerability in Drupal Core allows File Manipulation2024-12-05
OSV
CVE-2024-11942: Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different loca2024-10-16

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-0022024-10-16
CVE-2024-11942 (MEDIUM CVSS 5.9) | A vulnerability in Drupal Core allo | cvebase.io