Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004
|
System information
|
| |
|
|
Affected software |
Drupal |
Description
|
Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Access bypassAffected versions: =8.0.0 =9.5.0 =10.0.0 Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration.If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could
More info:
https://www.drupal.org/sa-core-2023-004 |
Standar resources
|
|
Property |
Value |
|
CVE |
|
