Vulnerability Database

296,720

Total vulnerabilities in the database

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution

The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Published: May 15, 2024
Updated: Jun 27, 2024
GHSA: GHSA-jjx7-8462-w4m4
Severity: Critical
Exploit:

No technical information available.

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
drupal / drupal	8.0.0	8.5.8
drupal / drupal	8.6.0	8.6.2

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml
https://www.drupal.org/sa-core-2018-006

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo