CVE-2022-25271 — Vulnetix

CVE-2022-25271 PUBLISHED

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

EPSS 0.36% · 58.0th percentile

Risk Scores

EPSS Score

0.36%

58.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	drupal	7.0.0, 9.2.0, 7.0.0
Bitnami	drupal	7.0.0, 9.2.0, 9.3.0

Timeline

Feb 16, 2022 CVE Published
Feb 17, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 24, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
Jun 2, 2023 EPSS Score

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ url
https://www.drupal.org/sa-core-2022-003 url
https://nvd.nist.gov/vuln/detail/CVE-2022-25271 url

Open in Interactive Console →