CNNVD-202511-2036 Information

CNNVD ID

CNNVD-202511-2036

Related CVE

CVE-2025-13082

• CNNVD Published: 2025-11-18

Description (Chinese)

Drupal core是Drupal社区的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal core 10.4.9之前版本、10.5.0版本至10.5.6之前版本、11.0.0版本至11.1.9之前版本和11.2.0版本至11.2.8之前版本存在安全漏洞，该漏洞源于用户界面关键信息错误表示，可能导致内容欺骗。

Description (English)

Drupal core is a free, open-source content management system developed in the PHP language in the Drupal community. There is a security loophole in previous versions of Drupal core 10.4.9, 10.5.0 to 10.5.6, 11.0.0 to 11.1.9 and 11.2.0 to 11.2.8, which stems from key information errors in the user interface, which can lead to content fraud.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-11-18

Last Modified

2026-02-24

References

https://www.drupal.org/sa-core-2025-007 https://vigilance.fr/vulnerability/Drupal-Core-spoofing-via-Defacement-48764

Patch

https://www.drupal.org/project/drupal/releases