CNNVD-202511-2038 Information
CNNVD ID
CNNVD-202511-2038
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Drupal core是Drupal社区的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal core 10.4.9之前版本、10.5.0版本至10.5.6之前版本、11.0.0版本至11.1.9之前版本和11.2.0版本至11.2.8之前版本存在安全漏洞,该漏洞源于动态确定对象属性修改控制不当,可能导致对象注入。
Description (English)
Drupal core is a free, open-source content management system developed in the PHP language in the Drupal community. Pre-Drupal core 10.4.9, Version 10.5.0 to Pre-Proceeding 10.5.6, Version 11.0.0 to Pre-Proceeding 11.1.9 and Version 11.2.0 to Pre-Proceeding 11.2.8 have a security loophole, which stems from inappropriate control over dynamic targeting properties and may lead to the injection of objects.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Drupal
Published
2025-11-18
Last Modified
2026-02-24
References
https://www.drupal.org/sa-core-2025-006 https://vigilance.fr/vulnerability/Drupal-Core-code-execution-via-Gadget-Chain-Deserialization-48763
Patch
https://www.drupal.org/project/drupal/releases
Share on: