Arbitrary PHP Code Execution Vulnerability in Drupal Core by Drupal
CVE-2020-13664

8.8HIGH

Key Information:

Vendor: Drupal
Status: Drupal Core
Vendor: CVE Published:; 5 May 2021

What is CVE-2020-13664?

This vulnerability in Drupal Core allows for arbitrary PHP code execution under specific conditions. An attacker may deceive an administrator into visiting a malicious page, resulting in the creation of a specially named directory on the server's filesystem. This directory could potentially be exploited to brute-force a remote code execution vector, affecting primarily Windows server configurations. Multiple versions of Drupal Core prior to certain updates are susceptible to this security issue, highlighting the importance of timely patches and secure practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Drupal Core 8.8.x < 8.8.8

Drupal Core 8.9.x < 8.9.1

Drupal Core 9.0.1

References

https://www.drupal.org/sa-core-2020-005

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2021
Vulnerability Reserved
May 28, 2020

JSON

Drupal

What is CVE-2020-13664?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.