├── README.md └── templates ├── 2017 ├── drupal_module-autologout-cross-site-scripting.yaml ├── drupal_module-bootstrap_carousel-cross-site-scripting.yaml ├── drupal_module-brilliant_gallery-multiple-vulnerabilities.yaml ├── drupal_module-cloud-csrf.yaml ├── drupal_module-comscore_direct-cross-site-scripting.yaml ├── drupal_module-config_perms-access-bypass.yaml ├── drupal_module-config_update-cross-site-request-forgery-.yaml ├── drupal_module-domain_integration-access-bypass.yaml ├── drupal_module-feedback_collect-cross-site-scripting-.yaml ├── drupal_module-link_click_count-unsupported.yaml ├── drupal_module-mailhandler-remote-code-execution.yaml ├── drupal_module-me-arbitrary-code-execution.yaml ├── drupal_module-moneysuite-access-bypass.yaml ├── drupal_module-mosaik-cross-site-scripting.yaml ├── drupal_module-netforum_authentication-access-bypass.yaml ├── drupal_module-node_feedback-access-bypass.yaml ├── drupal_module-panopoly_core-cross-site-scripting.yaml ├── drupal_module-permissions_by_term-access-bypass.yaml ├── drupal_module-services_sso_client-cross-site-scripting.yaml └── drupal_module-yandex_metrics-cross-site-scripting.yaml ├── 2018 ├── drupal_module-adtego_siteintel-unsupported.yaml ├── drupal_module-backup_migrate-arbitrary-php-code-execution.yaml ├── drupal_module-baidu_analytics-unsupported.yaml ├── drupal_module-bealestreet-cross-site-scripting.yaml ├── drupal_module-bible-multiple-vulnerabilities.yaml ├── drupal_module-bing_autosuggest_api-cross-site-scripting.yaml ├── drupal_module-bootstrap-cross-site-scripting.yaml ├── drupal_module-ckeditor_uploadimage-access-bypass.yaml ├── drupal_module-commerce-access-bypass.yaml ├── drupal_module-commerce_custom_order_status-cross-site-scripting.yaml ├── drupal_module-commerce_klarna_checkout-access-bypass.yaml ├── drupal_module-config_perms-access-bypass.yaml ├── drupal_module-datereminder-access-bypass.yaml ├── drupal_module-decoupled_router-access-bypass.yaml ├── 
drupal_module-drd_agent-php-object-injection.yaml ├── drupal_module-ds-cross-site-scripting-.yaml ├── drupal_module-dynamic_banner-cross-site-scripting.yaml ├── drupal_module-entity-information-disclosure.yaml ├── drupal_module-entity_delete-multiple-vulnerabilities.yaml ├── drupal_module-entity_ref_tab_formatter-cross-site-scripting.yaml ├── drupal_module-entityqueue_taxonomy-sql-injection.yaml ├── drupal_module-esign-cross-site-scripting.yaml ├── drupal_module-eu_cookie_compliance-cross-site-scripting.yaml ├── drupal_module-exif-access-bypass.yaml ├── drupal_module-filefield_paths-remote-code-execution.yaml ├── drupal_module-filefield_sources-access-bypass.yaml ├── drupal_module-fraction-xss-vulnerability.yaml ├── drupal_module-gathercontent-access-bypass.yaml ├── drupal_module-genpass-insecure-randomness.yaml ├── drupal_module-htmlmail-remote-code-execution.yaml ├── drupal_module-jsonapi-access-bypass.yaml ├── drupal_module-jsonapi-cross-site-request-forgery.yaml ├── drupal_module-jsonapi-multiple-vulnerabilities.yaml ├── drupal_module-lightbox2-cross-site-scripting.yaml ├── drupal_module-litejazz-cross-site-scripting.yaml ├── drupal_module-mass_pwreset-insecure-randomness.yaml ├── drupal_module-media-remote-code-execution.yaml ├── drupal_module-menu_export-access-bypass.yaml ├── drupal_module-mimemail-remote-code-execution.yaml ├── drupal_module-mollom-unsupported.yaml ├── drupal_module-newsflash-cross-site-scripting.yaml ├── drupal_module-node_view_permissions-access-bypass.yaml ├── drupal_module-nvp-cross-site-scripting.yaml ├── drupal_module-paragraphs-access-bypass.yaml ├── drupal_module-password_policy-denial-of-service.yaml ├── drupal_module-phpconfig-arbitrary-php-code-execution.yaml ├── drupal_module-print-remote-code-execution.yaml ├── drupal_module-renderkit-access-bypass.yaml ├── drupal_module-responsive_menus-cross-site-scripting.yaml ├── drupal_module-sagepay_payment-access-bypass.yaml ├── drupal_module-salesforce-access-bypass.yaml ├── 
drupal_module-search_api_solr-access-bypass.yaml ├── drupal_module-search_autocomplete-cross-site-scripting.yaml ├── drupal_module-select_or_other-cross-site-scripting.yaml ├── drupal_module-session_limit-insecure-session-management.yaml ├── drupal_module-simple_revision-unsupported.yaml ├── drupal_module-stacks-arbitrary-php-code-execution.yaml ├── drupal_module-svg_formatter-cross-site-scripting.yaml ├── drupal_module-tapestry-cross-site-scripting.yaml ├── drupal_module-term_reference_tree-cross-site-scripting.yaml ├── drupal_module-tfa_basic-insecure-randomness.yaml ├── drupal_module-tft-access-bypass.yaml ├── drupal_module-token_custom-arbitrary-php-code-execution.yaml ├── drupal_module-uuid-arbitrary-file-upload.yaml ├── drupal_module-workbench_moderation-access-bypass.yaml └── drupal_module-xmlsitemap-information-disclosure.yaml ├── 2019 ├── drupal_module-acquia_connector-access-bypass.yaml ├── drupal_module-addtoany-cross-site-scripting.yaml ├── drupal_module-admin_views-access-bypass.yaml ├── drupal_module-advanced_forum-cross-site-scripting.yaml ├── drupal_module-back_to_top-cross-site-scripting.yaml ├── drupal_module-bat-access-bypass.yaml ├── drupal_module-bugsnag-unsupported.yaml ├── drupal_module-cleantalk-cross-site-scripting-and-sql-injection.yaml ├── drupal_module-commerce_ingenico-unsupported.yaml ├── drupal_module-config_perms-access-bypass.yaml ├── drupal_module-context-cross-site-scripting.yaml ├── drupal_module-create_user_permission-access-bypass.yaml ├── drupal_module-dvg-access-bypass.yaml ├── drupal_module-elf-open-redirect-vulnerability.yaml ├── drupal_module-eu_cookie_compliance-cross-site-scripting.yaml ├── drupal_module-existing_values_autocomplete_widget-access-bypass.yaml ├── drupal_module-facets-cross-site-scripting.yaml ├── drupal_module-faq-unsupported.yaml ├── drupal_module-fb_messenger_customer_chat_plugin-access-bypass.yaml ├── drupal_module-field_slideshow-cross-site-scripting.yaml ├── 
drupal_module-focal_point-cross-site-scripting.yaml ├── drupal_module-fontawesome-remote-code-execution.yaml ├── drupal_module-forms_steps-access-bypass.yaml ├── drupal_module-gutenberg-access-bypass.yaml ├── drupal_module-hosting_https-access-bypass.yaml ├── drupal_module-imagecache_actions-multiple-vulnerabilities.yaml ├── drupal_module-imagecache_external-insecure-session-token-management.yaml ├── drupal_module-jsonapi-remote-code-execution.yaml ├── drupal_module-l10n_update-insecure-server-configuration.yaml ├── drupal_module-link-remote-code-execution.yaml ├── drupal_module-login_alert-access-bypass.yaml ├── drupal_module-maxlength-cross-site-scripting.yaml ├── drupal_module-menu_item_extras-cross-site-request-forgery.yaml ├── drupal_module-metatag-information-disclosure.yaml ├── drupal_module-metatag-remote-code-execution.yaml ├── drupal_module-metatags_quick-cross-site-scripting.yaml ├── drupal_module-miniorange_oauth_client-multiple-vulnerabilities.yaml ├── drupal_module-modal_page-access-bypass.yaml ├── drupal_module-module_filter-cross-site-scripting.yaml ├── drupal_module-multiple_registration-access-bypass.yaml ├── drupal_module-nexus-unsupported.yaml ├── drupal_module-noggin-unsupported.yaml ├── drupal_module-opigno_forum-access-bypass.yaml ├── drupal_module-opigno_learning_path-access-bypass.yaml ├── drupal_module-panels_breadcrumbs-cross-site-scripting.yaml ├── drupal_module-paragraphs-remote-code-execution.yaml ├── drupal_module-path_breadcrumbs-cross-site-scripting.yaml ├── drupal_module-permissions_by_term-access-bypass.yaml ├── drupal_module-phonefield-sql-injection.yaml ├── drupal_module-preview_link-access-bypass.yaml ├── drupal_module-provision-access-bypass.yaml ├── drupal_module-pubdlcnt-open-redirect-vulnerability.yaml ├── drupal_module-rabbit_hole-access-bypass.yaml ├── drupal_module-registration-multiple-vulnerabilities.yaml ├── drupal_module-restful-remote-code-execution.yaml ├── drupal_module-restws-access-bypass.yaml ├── 
drupal_module-scroll_to_top-cross-site-scripting.yaml ├── drupal_module-sendinblue-unsupported.yaml ├── drupal_module-services-access-bypass.yaml ├── drupal_module-services-sql-injection.yaml ├── drupal_module-shs-cross-site-request-forgery.yaml ├── drupal_module-simple_amp-access-bypass.yaml ├── drupal_module-smart_trim-cross-site-scripting.yaml ├── drupal_module-social-insecure-session-management.yaml ├── drupal_module-stage_file_proxy-denial-of-service.yaml ├── drupal_module-super_login-cross-site-scripting.yaml ├── drupal_module-tablefield-access-bypass-and-cross-site-scripting.yaml ├── drupal_module-tablefield-access-bypass.yaml ├── drupal_module-tablefield-remote-code-execution.yaml ├── drupal_module-taxonomy_access_fix-access-bypass.yaml ├── drupal_module-tmgmt-remote-code-execution.yaml ├── drupal_module-ubercart-cross-site-request-forgery.yaml ├── drupal_module-ubercart-cross-site-scripting.yaml ├── drupal_module-uuid-access-bypass.yaml ├── drupal_module-video-remote-code-execution.yaml ├── drupal_module-views-cross-site-scripting.yaml ├── drupal_module-views-information-disclosure.yaml ├── drupal_module-webform-multiple-vulnerabilities.yaml └── drupal_module-workflow-cross-site-scripting.yaml ├── 2020 ├── drupal_module-apigee_edge-access-bypass.yaml ├── drupal_module-ckeditor-cross-site-scripting.yaml ├── drupal_module-commerce-access-bypass.yaml ├── drupal_module-easy_breadcrumb-cross-site-scripting.yaml ├── drupal_module-examples-remote-code-execution.yaml ├── drupal_module-group-information-disclosure.yaml ├── drupal_module-i18n-cross-site-scripting.yaml ├── drupal_module-jsonapi-unsupported.yaml ├── drupal_module-media_oembed-remote-code-execution.yaml ├── drupal_module-miniorange_saml-access-bypass.yaml ├── drupal_module-modal_form-access-bypass.yaml ├── drupal_module-oauth_server_sso-sql-injection.yaml ├── drupal_module-open_readspeaker-cross-site-scripting.yaml ├── drupal_module-prlp-access-bypass.yaml ├── drupal_module-profile-access-bypass.yaml 
├── drupal_module-radix-cross-site-scripting.yaml ├── drupal_module-recaptcha_v3-access-bypass.yaml ├── drupal_module-renderkit-access-bypass.yaml ├── drupal_module-saml_sp-access-bypass.yaml ├── drupal_module-services-access-bypass.yaml ├── drupal_module-spamicide-access-bypass.yaml ├── drupal_module-spamspan-cross-site-scripting.yaml ├── drupal_module-svg_formatter-cross-site-scripting.yaml ├── drupal_module-svg_image-cross-site-scripting.yaml ├── drupal_module-views_bulk_operations-access-bypass.yaml ├── drupal_module-webform-access-bypass.yaml ├── drupal_module-webform-cross-site-scripting.yaml ├── drupal_module-webform-remote-code-execution.yaml └── drupal_module-yubikey-access-bypass.yaml ├── 2021 ├── drupal_module-admin_toolbar-multiple-issues.yaml ├── drupal_module-apigee_edge-access-bypass.yaml ├── drupal_module-block_content_revision_ui-access-bypass.yaml ├── drupal_module-commerce-multiple-issues.yaml ├── drupal_module-cshs-cross-site-scripting.yaml ├── drupal_module-ctools-access-bypass.yaml ├── drupal_module-ctools-information-disclosure.yaml ├── drupal_module-domain_group-access-bypass.yaml ├── drupal_module-entity_embed-cross-site-request-forgery.yaml ├── drupal_module-fac-access-bypass.yaml ├── drupal_module-facets-cross-site-scripting.yaml ├── drupal_module-faq-cross-site-scripting.yaml ├── drupal_module-file_extractor-arbitrary-php-code-execution.yaml ├── drupal_module-form_mode_manager-access-bypass.yaml ├── drupal_module-graphql-access-bypass.yaml ├── drupal_module-graphql-information-disclosure.yaml ├── drupal_module-gutenberg-access-bypass.yaml ├── drupal_module-linkit-cross-site-scripting.yaml ├── drupal_module-linky_revision_ui-access-bypass.yaml ├── drupal_module-loft_data_grids-xml-external-entity--processing.yaml ├── drupal_module-mail_login-access-bypass.yaml ├── drupal_module-miniorange_saml-multiple-vulnerabilities.yaml ├── drupal_module-openid_connect-access-bypass.yaml ├── drupal_module-openid_connect_windows_aad-access-bypass.yaml 
├── drupal_module-opigno_group_manager-ui-redressing-.yaml ├── drupal_module-opigno_learning_path-ui-redressing-.yaml ├── drupal_module-pages_restriction-access-bypass.yaml ├── drupal_module-samlauth-access-bypass.yaml ├── drupal_module-search_api_attachments-arbitrary-php-code-execution.yaml ├── drupal_module-search_api_page-cross-site-scripting.yaml ├── drupal_module-social-access-bypass.yaml ├── drupal_module-social-authentication-bypass.yaml ├── drupal_module-social-sql-injection.yaml ├── drupal_module-subgroup-access-bypass.yaml ├── drupal_module-taxonomy_manager-access-bypass.yaml ├── drupal_module-tb_megamenu-access-bypass.yaml ├── drupal_module-tb_megamenu-cross-site-request-forgery.yaml ├── drupal_module-tb_megamenu-cross-site-scripting.yaml ├── drupal_module-tb_megamenu-multiple-issues.yaml ├── drupal_module-user_hash-cache-poisoning.yaml ├── drupal_module-webform-access-bypass.yaml ├── drupal_module-webform-cross-site-scripting.yaml └── drupal_module-webform-multiple-issues.yaml ├── 2022 ├── drupal_module-admin_toolbar_search-unsupported.yaml ├── drupal_module-anonymousredirect-unsupported.yaml ├── drupal_module-apigee_edge-access-bypass.yaml ├── drupal_module-business_responsive_theme-unsupported.yaml ├── drupal_module-cleantalk-sql-injection.yaml ├── drupal_module-cog-unsupported.yaml ├── drupal_module-colorbox-unsupported.yaml ├── drupal_module-colorbox_node-unsupported.yaml ├── drupal_module-commerce_elavon-access-bypass.yaml ├── drupal_module-config_terms-access-bypass.yaml ├── drupal_module-context-cross-site-scripting.yaml ├── drupal_module-custom_breadcrumbs-cross-site-scripting.yaml ├── drupal_module-dfp-cross-site-scripting.yaml ├── drupal_module-embed-cross-site-request-forgery.yaml ├── drupal_module-entity_browser_block-access-bypass.yaml ├── drupal_module-entity_print-multiple-issues.yaml ├── drupal_module-entity_reference_tree-cross-site-scripting.yaml ├── drupal_module-exif-remote-code-execution.yaml ├── 
drupal_module-expire_reset_pass_link-unsupported.yaml ├── drupal_module-fancy_file_delete-access-bypass.yaml ├── drupal_module-filefield_paths-access-bypass.yaml ├── drupal_module-govuk_theme-cross-site-scripting.yaml ├── drupal_module-h5p-remote-code-execution.yaml ├── drupal_module-image_export_import-unsupported.yaml ├── drupal_module-image_field_caption-cross-site-scripting.yaml ├── drupal_module-jquery_ui_checkboxradio-cross-site-scripting.yaml ├── drupal_module-jquery_ui_datepicker-cross-site-scripting.yaml ├── drupal_module-link-cross-site-scripting.yaml ├── drupal_module-lottiefiles_field-cross-site-scripting.yaml ├── drupal_module-media_entity_flickr-unsupported.yaml ├── drupal_module-navbar-cross-site-scripting.yaml ├── drupal_module-next-access-bypass.yaml ├── drupal_module-opigno_learning_path-access-bypass.yaml ├── drupal_module-pdf_api-remote-code-execution.yaml ├── drupal_module-permissions_by_term-access-bypass.yaml ├── drupal_module-print-unsupported.yaml ├── drupal_module-private_taxonomy-multiple-issues.yaml ├── drupal_module-quick_node_clone-access-bypass.yaml ├── drupal_module-quickedit-information-disclosure.yaml ├── drupal_module-rate-unsupported.yaml ├── drupal_module-registration-access-bypass.yaml ├── drupal_module-remote_stream_wrapper-unsupported.yaml ├── drupal_module-rename_admin_paths-access-bypass.yaml ├── drupal_module-role_delegation-privilege-escalation.yaml ├── drupal_module-s3fs-access-bypass.yaml ├── drupal_module-search_api-information-disclosure.yaml ├── drupal_module-simple_oauth-access-bypass.yaml ├── drupal_module-social-access-bypass.yaml ├── drupal_module-socialbase-access-bypass.yaml ├── drupal_module-super_login-access-bypass.yaml ├── drupal_module-svg_formatter-cross-site-scripting.yaml ├── drupal_module-swiftype-unsupported.yaml ├── drupal_module-tac_lite-unsupported.yaml ├── drupal_module-tagify-access-bypass.yaml ├── drupal_module-twig_field_value-access-bypass.yaml ├── 
drupal_module-vendor_stream_wrapper-unsupported.yaml ├── drupal_module-vppr-access-bypass.yaml ├── drupal_module-vppr-unsupported.yaml ├── drupal_module-wingsuit_companion-access-bypass.yaml └── drupal_module-wysiwyg-cross-site-scripting.yaml ├── 2023 ├── drupal_module-acl-arbitrary-php-code-execution.yaml ├── drupal_module-addtoany-access-bypass.yaml ├── drupal_module-addtoany-cross-site-scripting.yaml ├── drupal_module-apigee_edge-access-bypass.yaml ├── drupal_module-better_social_sharing_buttons-cross-site-scripting.yaml ├── drupal_module-civicccookiecontrol-cross-site-scripting.yaml ├── drupal_module-config_pages-information-disclosure.yaml ├── drupal_module-consent_popup-cross-site-scripting.yaml ├── drupal_module-content_moderation_notifications-information-disclosure.yaml ├── drupal_module-datafield-access-bypass.yaml ├── drupal_module-dvf-cross-site-scripting.yaml ├── drupal_module-entity_browser-information-disclosure.yaml ├── drupal_module-expandable_formatter-cross-site-scripting.yaml ├── drupal_module-file_chooser_field-multiple-issues.yaml ├── drupal_module-flexiaccess-arbitrary-php-code-execution.yaml ├── drupal_module-forum_access-arbitrary-php-code-execution.yaml ├── drupal_module-gdpr_alert-cross-site-scripting.yaml ├── drupal_module-graphql-access-bypass.yaml ├── drupal_module-graphql-cross-site-request-forgery.yaml ├── drupal_module-gridstack-cross-site-scripting.yaml ├── drupal_module-group-access-bypass.yaml ├── drupal_module-group_forum-access-bypass.yaml ├── drupal_module-gutenberg-denial-of-service.yaml ├── drupal_module-highlight_php-cross-site-scripting.yaml ├── drupal_module-iubenda_integration-cross-site-scripting.yaml ├── drupal_module-libraries_ui-access-bypass.yaml ├── drupal_module-mail_login-access-bypass.yaml ├── drupal_module-mailchimp-cross-site-request-forgery.yaml ├── drupal_module-matomo-cross-site-scripting.yaml ├── drupal_module-media_library_block-information-disclosure.yaml ├── 
drupal_module-media_library_form_element-information-disclosure.yaml ├── drupal_module-media_responsive_thumbnail-information-disclosure.yaml ├── drupal_module-minifyhtml-cross-site-scripting.yaml ├── drupal_module-mollie-faulty-payment-confirmation-logic.yaml ├── drupal_module-obfuscate_email-cross-site-scripting.yaml ├── drupal_module-office_hours-cross-site-scripting.yaml ├── drupal_module-photos-access-bypass.yaml ├── drupal_module-private_taxonomy-access-bypass.yaml ├── drupal_module-protected_pages-access-bypass.yaml ├── drupal_module-responsive_media_image-unsupported.yaml ├── drupal_module-s3fs-access-bypass.yaml ├── drupal_module-safedelete-access-bypass.yaml ├── drupal_module-search_autocomplete-cross-site-scripting.yaml ├── drupal_module-shorthand-access-bypass.yaml ├── drupal_module-symfony_mailer-cross-site-request-forgery.yaml ├── drupal_module-tacjs-cross-site-scripting.yaml ├── drupal_module-tfa-access-bypass.yaml ├── drupal_module-thunder-access-bypass.yaml ├── drupal_module-unified_twig_ext-cross-site-scripting.yaml ├── drupal_module-webprofiler-cross-site-scripting.yaml ├── drupal_module-xray_audit-cross-site-scripting.yaml └── drupal_module-xsendfile-access-bypass.yaml ├── 2024 ├── drupal_module-advanced_pwa-access-bypass.yaml ├── drupal_module-all_extensions-unsupported.yaml ├── drupal_module-basic_auth-access-bypass.yaml ├── drupal_module-browser_back_button-cross-site-scripting.yaml ├── drupal_module-ckeditor_lts-cross-site-scripting.yaml ├── drupal_module-coffee-cross-site-scripting.yaml ├── drupal_module-commerce_view_receipt-access-bypass.yaml ├── drupal_module-cookiebot_gtm-cross-site-scripting.yaml ├── drupal_module-download_all_files-access-bypass.yaml ├── drupal_module-eloqua-arbitrary-php-code-execution.yaml ├── drupal_module-email_contact-access-bypass.yaml ├── drupal_module-entity_delete_log-access-bypass.yaml ├── drupal_module-entity_form_steps-cross-site-scripting.yaml ├── drupal_module-file_entity-multiple-issues.yaml ├── 
drupal_module-git_utils-unsupported.yaml ├── drupal_module-image_sizes-access-bypass.yaml ├── drupal_module-loft_data_grids-multiple-vulnerabilities.yaml ├── drupal_module-login_disable-access-bypass.yaml ├── drupal_module-mailjet-arbitrary-php-code-execution.yaml ├── drupal_module-megamenu_framework-unsupported.yaml ├── drupal_module-migrate_queue_importer-cross-site-request-forgery.yaml ├── drupal_module-migrate_tools-cross-site-request-forgery.yaml ├── drupal_module-minifyjs-cross-site-request-forgery.yaml ├── drupal_module-miniorange_oauth_client-cross-site-scripting.yaml ├── drupal_module-node_access_rebuild_progressive-access-bypass.yaml ├── drupal_module-node_export-arbitrary-php-code-execution.yaml ├── drupal_module-ohdear_integration-access-bypass.yaml ├── drupal_module-pages_restriction-access-bypass.yaml ├── drupal_module-postfile-cross-site-request-forgery.yaml ├── drupal_module-postfile-multiple-issues.yaml ├── drupal_module-print_anything-unsupported.yaml ├── drupal_module-private_content-access-bypass.yaml ├── drupal_module-registration_role-access-bypass.yaml ├── drupal_module-rest_api_authentication-access-bypass.yaml ├── drupal_module-rest_views-information-disclosure.yaml ├── drupal_module-restws-access-bypass.yaml ├── drupal_module-smartling-multiple-vulnerabilities.yaml ├── drupal_module-social-access-bypass.yaml ├── drupal_module-social-information-disclosure.yaml ├── drupal_module-swiftmailer-access-bypass.yaml ├── drupal_module-symfony_mailer_lite-cross-site-request-forgery.yaml ├── drupal_module-tacjs-cross-site-scripting.yaml ├── drupal_module-tarte_au_citron-cross-site-scripting.yaml ├── drupal_module-tfa-access-bypass.yaml ├── drupal_module-tooltip-cross-site-scripting.yaml ├── drupal_module-typogrify-cross-site-scripting.yaml └── drupal_module-views_svg_animation-cross-site-scripting.yaml ├── 2025 ├── drupal_module-email_tfa-access-bypass.yaml └── drupal_module-profile_private-unsupported.yaml └── .gitkeep /README.md: 
--------------------------------------------------------------------------------
1 | # nuclei-drupal-sa
2 | Nuclei templates for drupal vulns... far from perfect
3 |
4 | PR if you want stuff to change.
5 |
6 | How to use
7 | ---
8 | ```
9 | nuclei -t ./nuclei-drupal-sa/templates/ --target https://www.example.com
10 | ```
11 |
--------------------------------------------------------------------------------
/templates/.gitkeep:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/templates/2017/drupal_module-config_perms-access-bypass.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the config_perms module (advisory sa-contrib-2017-083): requests the module's .info file and reads its version string.
2 | id: drupal_module-config_perms-access-bypass
3 | info:
4 |   name: drupal_module-config_perms-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "Custom Permissions is a lightweight module that allows permissions to be created and managed through an administrative form. When this module is in use, any user who is able to perform an action which rebuilds some of Drupals caches can trigger a scenario in which certain pages protected by this modules custom permissions temporarily lose those custom access controls, thereby leading to an access bypass vulnerability."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2017-083
10 |   metadata:
11 |     security-risk: "Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/config_perms/"
14 |     google-query: "inurl:'/sites/all/modules/config_perms/"  # NOTE(review): the single quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): year-0001 value looks like an unset timestamp; confirm
18 |   tags: drupal
19 | # One GET (following up to 3 redirects) for the module's .info file; only the sites/all/modules location is requested.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/config_perms/config_perms.info"
26 |     # Matchers (all required): a 200 response whose body has a plain N.x-N.N version string and the text 'config_perms'. A version with a suffix (e.g. -dev, -beta1) does not satisfy the regex.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'config_perms'
39 |         part: body
40 |     # Captures group 1 of the version regex from the body under the name `version`.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |       # NOTE(review): this dsl entry is listed under extractors, not matchers, so it does not gate the result; any version that passes the matchers is reported. Confirm that is intended.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.0')  # NOTE(review): no operator in the constraint, and it names an 8.x release while the request above targets sites/all/modules/*.info (Drupal 8 modules normally ship .info.yml); confirm this can match
52 |
--------------------------------------------------------------------------------
/templates/2017/drupal_module-me-arbitrary-code-execution.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the me module (advisory sa-contrib-2017-097): requests the module's .info file and reads its version string.
2 | id: drupal_module-me-arbitrary-code-execution
3 | info:
4 |   name: drupal_module-me-arbitrary-code-execution
5 |   author: Bishopfox
6 |   severity: medium  # NOTE(review): this template's security-risk metadata reads "Highly critical"; confirm medium is intended
7 |   description: "me module provides shortcut paths to current users pages, eg user/me, blog/me, user/me/edit, tracker/me etc. The way me module handles URL arguments allows an attacker to execute arbitrary code strings."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2017-097
10 |   metadata:
11 |     security-risk: "Highly critical 20∕25 AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All"
12 |     vulnerability: "arbitrary-code-execution"
13 |     fofa-query: "/sites/all/modules/me/"
14 |     google-query: "inurl:'/sites/all/modules/me/"  # NOTE(review): the single quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): year-0001 value looks like an unset timestamp; confirm
18 |   tags: drupal
19 | # One GET (following up to 3 redirects) for the module's .info file; only the sites/all/modules location is requested.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/me/me.info"
26 |     # Matchers (all required): a 200 response whose body has a plain N.x-N.N version string and the text 'me'. A version with a suffix (e.g. -dev, -beta1) does not satisfy the regex.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'me'  # NOTE(review): a two-letter substring is likely to occur in most bodies, so this matcher barely narrows the result
39 |         part: body
40 |     # Captures group 1 of the version regex from the body under the name `version`.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |       # NOTE(review): this dsl entry is listed under extractors, not matchers, so it does not gate the result; any version that passes the matchers is reported. Confirm that is intended.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.2')  # NOTE(review): constraints carry no operator; confirm compare_versions accepts Drupal's N.x-N.N form
52 |           - compare_versions(version, '7.x-1.1')
53 |           - compare_versions(version, '7.x-1.0')
54 |
--------------------------------------------------------------------------------
/templates/2017/drupal_module-mosaik-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the mosaik module (advisory sa-contrib-2017-080): requests the module's .info file and reads its version string.
2 | id: drupal_module-mosaik-cross-site-scripting
3 | info:
4 |   name: drupal_module-mosaik-cross-site-scripting
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Mosaik module enables you to create pages or complex blocks in Drupal with the logic of a real mosaic and its pieces. The module doesnt sufficiently sanitize the titles of fieldsets on its administration pages or the titles of blocks that it creates. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer mosaik."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2017-080
10 |   metadata:
11 |     security-risk: "Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/mosaik/"
14 |     google-query: "inurl:'/sites/all/modules/mosaik/"  # NOTE(review): the single quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): year-0001 value looks like an unset timestamp; confirm
18 |   tags: drupal
19 | # One GET (following up to 3 redirects) for the module's .info file; only the sites/all/modules location is requested.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/mosaik/mosaik.info"
26 |     # Matchers (all required): a 200 response whose body has a plain N.x-N.N version string and the text 'mosaik'. A version with a suffix (e.g. -dev, -beta1) does not satisfy the regex.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'mosaik'
39 |         part: body
40 |     # Captures group 1 of the version regex from the body under the name `version`.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |       # NOTE(review): this dsl entry is listed under extractors, not matchers, so it does not gate the result; any version that passes the matchers is reported. Confirm that is intended.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.1')  # NOTE(review): constraints carry no operator; confirm compare_versions accepts Drupal's N.x-N.N form
52 |           - compare_versions(version, '7.x-1.0')
53 |
--------------------------------------------------------------------------------
/templates/2017/drupal_module-netforum_authentication-access-bypass.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the netforum_authentication module (advisory sa-contrib-2017-077): requests the module's .info file and reads its version string.
2 | id: drupal_module-netforum_authentication-access-bypass
3 | info:
4 |   name: drupal_module-netforum_authentication-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The netFORUM Authentication module implements external authentication for users against netFORUM. The module does not correctly use flood control making it susceptible to brute force attacks."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2017-077
10 |   metadata:
11 |     security-risk: "Moderately critical 12∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:All"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/netforum_authentication/"
14 |     google-query: "inurl:'/sites/all/modules/netforum_authentication/"  # NOTE(review): the single quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): year-0001 value looks like an unset timestamp; confirm
18 |   tags: drupal
19 | # One GET (following up to 3 redirects) for the module's .info file; only the sites/all/modules location is requested.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/netforum_authentication/netforum_authentication.info"
26 |     # Matchers (all required): a 200 response whose body has a plain N.x-N.N version string and the text 'netforum_authentication'. A version with a suffix (e.g. -dev, -beta1) does not satisfy the regex.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'netforum_authentication'
39 |         part: body
40 |     # Captures group 1 of the version regex from the body under the name `version`.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |       # NOTE(review): this dsl entry is listed under extractors, not matchers, so it does not gate the result; any version that passes the matchers is reported. Confirm that is intended.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.0')  # NOTE(review): constraint carries no operator; confirm compare_versions accepts Drupal's N.x-N.N form
52 |
--------------------------------------------------------------------------------
/templates/2017/drupal_module-yandex_metrics-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the yandex_metrics module (advisory sa-contrib-2017-078): requests the module's .info file and reads its version string.
2 | id: drupal_module-yandex_metrics-cross-site-scripting
3 | info:
4 |   name: drupal_module-yandex_metrics-cross-site-scripting
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Yandex.Metrics module allows you to look for key indicators of your site effectiveness. The module doesnt sufficiently let users know a setting page should not be given to untrusted users. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer Yandex.Metrics settings. Edited October 19, 2017 to add a note about checking permissions."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2017-078
10 |   metadata:
11 |     security-risk: "Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All"
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/yandex_metrics/"
14 |     google-query: "inurl:'/sites/all/modules/yandex_metrics/"  # NOTE(review): the single quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): year-0001 value looks like an unset timestamp; confirm
18 |   tags: drupal
19 | # One GET (following up to 3 redirects) for the module's .info file; only the sites/all/modules location is requested.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/yandex_metrics/yandex_metrics.info"
26 |     # Matchers (all required): a 200 response whose body has a plain N.x-N.N version string and the text 'yandex_metrics'. A version with a suffix (e.g. -dev, -beta1) does not satisfy the regex.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'yandex_metrics'
39 |         part: body
40 |     # Captures group 1 of the version regex from the body under the name `version`.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |       # NOTE(review): this dsl entry is listed under extractors, not matchers, so it does not gate the result; any version that passes the matchers is reported. Confirm that is intended.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-3.0')  # NOTE(review): constraint carries no operator; confirm compare_versions accepts Drupal's N.x-N.N form
52 |
--------------------------------------------------------------------------------
/templates/2018/drupal_module-adtego_siteintel-unsupported.yaml:
--------------------------------------------------------------------------------
1 | # Indicator check for the adtego_siteintel module (advisory sa-contrib-2018-039, project marked unsupported): requests the module's .info file and reads its version string.
2 | id: drupal_module-adtego_siteintel-unsupported
3 | info:
4 |   name: drupal_module-adtego_siteintel-unsupported
5 |   author: Bishopfox
6 |   severity: medium  # NOTE(review): this template's security-risk metadata reads "Critical"; confirm medium is intended
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466."
# Advisory link plus scoring and search metadata for adtego_siteintel (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-039
  metadata:
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/adtego_siteintel/"
    google-query: "inurl:'/sites/all/modules/adtego_siteintel/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/adtego_siteintel/adtego_siteintel.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release version strings do not fit
    # the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'adtego_siteintel'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): presumably a catch-all meant to flag every release of an
      # unsupported project. 99.x-99.99 is not a plain dotted version, so
      # confirm compare_versions() parses it. As an extractor it does not gate
      # the finding either way: the matchers above decide what is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-baidu_analytics-unsupported.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal baidu_analytics module, which the
# description says has been marked unsupported with an unfixed security issue.
id: drupal_module-baidu_analytics-unsupported
info:
  name: drupal_module-baidu_analytics-unsupported
  author: Bishopfox
  # NOTE(review): the description says unsupported modules are marked critical
  # by default, yet severity here is medium; confirm which rating triage
  # should follow.
  severity: medium
  description: "The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466. The security team marks all unsupported modules critical by default."
# Advisory link plus scoring and search metadata for baidu_analytics (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-029
  metadata:
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/baidu_analytics/"
    google-query: "inurl:'/sites/all/modules/baidu_analytics/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/baidu_analytics/baidu_analytics.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release version strings do not fit
    # the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'baidu_analytics'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): presumably a catch-all meant to flag every release of an
      # unsupported project. 99.x-99.99 is not a plain dotted version, so
      # confirm compare_versions() parses it. As an extractor it does not gate
      # the finding either way: the matchers above decide what is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-bealestreet-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal bealestreet project (cross-site scripting
# advisory).
# NOTE(review): the description calls bealestreet a theme, while the id and the
# probe path in this template treat it as a module under sites/all/modules/;
# confirm the install location the request should target.
id: drupal_module-bealestreet-cross-site-scripting
info:
  name: drupal_module-bealestreet-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "This theme features 4 built-in color styles, 18 collapsible regions, Suckerfish menus, flexible widths, adjustable sidebars, configurable font family, and lots more. The theme doesnt sufficiently sanitize user input. This vulnerability is mitigated by the fact that the theme is not exploitable under common site configurations."
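# Advisory link plus scoring and search metadata for bealestreet (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-048
  metadata:
    security-risk: "Moderately critical 13∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/bealestreet/"
    google-query: "inurl:'/sites/all/modules/bealestreet/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the project's .info metadata file. Only the two
# conventional paths below are probed, so a miss does not show the project is
# absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/bealestreet/bealestreet.info"
      # The template description calls bealestreet a theme, and Drupal 7
      # contributed themes are conventionally installed under sites/all/themes/,
      # so the modules-only probe would miss a normal install.
      - "{{BaseURL}}/sites/all/themes/bealestreet/bealestreet.info"
    # One hit is enough; avoids reporting the same install twice.
    stop-at-first-match: true

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # project name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.1-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'bealestreet'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # One expression per listed release.
      # NOTE(review): these comparisons are extractors, not matchers, so they do
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraints have no operator and are not plain dotted versions;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.1')
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-bing_autosuggest_api-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal bing_autosuggest_api module (cross-site
# scripting advisory).
id: drupal_module-bing_autosuggest_api-cross-site-scripting
info:
  name: drupal_module-bing_autosuggest_api-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "This module enables you to use the Bing Autosuggest API. The module doesnt sufficiently sanitize a value used to populate an API request."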
# Advisory link plus scoring and search metadata for bing_autosuggest_api (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-058
  metadata:
    security-risk: "Moderately critical 13∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/bing_autosuggest_api/"
    google-query: "inurl:'/sites/all/modules/bing_autosuggest_api/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/bing_autosuggest_api/bing_autosuggest_api.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.0-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'bing_autosuggest_api'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraint has no operator and is not a plain dotted version;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-commerce-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal commerce module (access-bypass advisory).
id: drupal_module-commerce-access-bypass
info:
  name: drupal_module-commerce-access-bypass
  author: me
  severity: medium
  description: "This module enables you to build eCommerce websites and applications with Drupal. The module doesnt sufficiently check access for some of its entity types."
# Advisory link plus scoring and search metadata for commerce (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-057
  metadata:
    security-risk: "Moderately critical 14 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/commerce/"
    google-query: "inurl:'/sites/all/modules/commerce/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/commerce/commerce.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Each matcher holds a single pattern, so its own
    # `condition: and` has nothing to combine. Dev or pre-release version
    # strings do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'commerce'
        part: body
        condition: and

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): the constraint is a three-part dotted version, while the
      # regex above only captures N.x-M.P strings, so the two formats do not
      # line up; confirm what compare_versions() returns for such input. As an
      # extractor it does not gate the finding: the matchers above decide what
      # is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 2.9.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-dynamic_banner-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal dynamic_banner module (cross-site
# scripting advisory). Per the description, the issue needs a role holding the
# module's administer permission.
id: drupal_module-dynamic_banner-cross-site-scripting
info:
  name: drupal_module-dynamic_banner-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "This module enables a site to display different banners (via blocks) on different pages depending upon specific criteria. The module doesnt sufficiently filter output of banner data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer dynamic_banner."
# Advisory link plus scoring and search metadata for dynamic_banner (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-011
  metadata:
    security-risk: "Less critical 7∕25 AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/dynamic_banner/"
    google-query: "inurl:'/sites/all/modules/dynamic_banner/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/dynamic_banner/dynamic_banner.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.0-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'dynamic_banner'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraint has no operator and is not a plain dotted version;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-exif-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal exif module (access-bypass advisory).
id: drupal_module-exif-access-bypass
info:
  name: drupal_module-exif-access-bypass
  author: Bishopfox
  # NOTE(review): the security-risk metadata further down rates this Critical
  # while severity here is medium; confirm which rating triage should follow.
  severity: medium
  description: "This module enables you to retrieve image metadata and use them in fields or title. The module doesnt sufficiently restrict access to module setting pages thereby causing an access bypass vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to create entities of certain content entity types."
# Advisory link plus scoring and search metadata for exif (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-017
  metadata:
    security-risk: "Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/exif/"
    google-query: "inurl:'/sites/all/modules/exif/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file.
# NOTE(review): the 8.x constraint at the bottom points at a Drupal 8 release,
# but the path and regex follow the Drupal 7 layout (sites/all/modules/<name>/
# <name>.info with `version = "..."`). Drupal 8 modules ship <name>.info.yml
# with `version: '...'`, so this probe likely never matches an affected site;
# treat a clean result as inconclusive.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/exif/exif.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'exif'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding. The constraint has no operator and is not a plain
      # dotted version; confirm compare_versions() handles Drupal's N.x-M.P
      # scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '8.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-gathercontent-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal gathercontent module (access-bypass
# advisory).
id: drupal_module-gathercontent-access-bypass
info:
  name: drupal_module-gathercontent-access-bypass
  author: Bishopfox
  severity: medium
  description: "This module enables you to import and export data from the GatherContent service. The module didnt properly protect its administrative paths."
# Advisory link plus scoring and search metadata for gathercontent (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-075
  metadata:
    security-risk: "Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/gathercontent/"
    google-query: "inurl:'/sites/all/modules/gathercontent/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/gathercontent/gathercontent.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-3.4-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'gathercontent'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # One expression per listed release.
      # NOTE(review): these comparisons are extractors, not matchers, so they do
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraints have no operator and are not plain dotted versions;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-3.4')
          - compare_versions(version, '7.x-3.3')
          - compare_versions(version, '7.x-3.2')
          - compare_versions(version, '7.x-3.1')
          - compare_versions(version, '7.x-3.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-litejazz-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal litejazz project (cross-site scripting
# advisory).
# NOTE(review): the description calls litejazz a theme, while the id and the
# probe path in this template treat it as a module under sites/all/modules/;
# confirm the install location the request should target.
id: drupal_module-litejazz-cross-site-scripting
info:
  name: drupal_module-litejazz-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "This theme features 3 color styles, 12 fully collapsible regions, suckerfish menus, fluid or fixed widths, easy configuration, and more. The theme doesnt sufficiently sanitize user input. This vulnerability is mitigated by the fact that the theme is only exploitable with non-default settings and under certain site configurations."
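# Advisory link plus scoring and search metadata for litejazz (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-050
  metadata:
    security-risk: "Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/litejazz/"
    google-query: "inurl:'/sites/all/modules/litejazz/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the project's .info metadata file. Only the two
# conventional paths below are probed, so a miss does not show the project is
# absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/litejazz/litejazz.info"
      # The template description calls litejazz a theme, and Drupal 7
      # contributed themes are conventionally installed under sites/all/themes/,
      # so the modules-only probe would miss a normal install.
      - "{{BaseURL}}/sites/all/themes/litejazz/litejazz.info"
    # One hit is enough; avoids reporting the same install twice.
    stop-at-first-match: true

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # project name in the body. Dev or pre-release strings (constructed
    # example: 7.x-2.2-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'litejazz'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # One expression per listed release.
      # NOTE(review): these comparisons are extractors, not matchers, so they do
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraints have no operator and are not plain dotted versions;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-2.2')
          - compare_versions(version, '7.x-2.1')
          - compare_versions(version, '7.x-2.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-mass_pwreset-insecure-randomness.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal mass_pwreset module (insecure-randomness
# advisory: per the description, generated passwords are weak and predictable).
id: drupal_module-mass_pwreset-insecure-randomness
info:
  name: drupal_module-mass_pwreset-insecure-randomness
  author: Bishopfox
  severity: medium
  description: "This module enables you to reset passwords for all users based upon their user role. The module doesnt use a strong source of randomness, creating weak and predictable passwords. This vulnerability is mitigated by the fact that the site must be configured to reveal the password to the attacker, which is a common configuration."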
# Advisory link plus scoring and search metadata for mass_pwreset (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-043
  metadata:
    security-risk: "Less critical 9∕25 AC:Complex/A:User/CI:Some/II:None/E:Theoretical/TD:Default"
    vulnerability: "insecure-randomness"
    fofa-query: "/sites/all/modules/mass_pwreset/"
    google-query: "inurl:'/sites/all/modules/mass_pwreset/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/mass_pwreset/mass_pwreset.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.0-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'mass_pwreset'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraint has no operator and is not a plain dotted version;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-menu_export-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal menu_export module (access-bypass
# advisory; the description states there is no mitigation).
id: drupal_module-menu_export-access-bypass
info:
  name: drupal_module-menu_export-access-bypass
  author: Bishopfox
  # NOTE(review): the security-risk metadata further down rates this Critical
  # while severity here is medium; confirm which rating triage should follow.
  severity: medium
  description: "This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability."
# Advisory link plus scoring and search metadata for menu_export (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-018
  metadata:
    security-risk: "Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/menu_export/"
    google-query: "inurl:'/sites/all/modules/menu_export/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file.
# NOTE(review): the 8.x constraint at the bottom points at a Drupal 8 release,
# but the path and regex follow the Drupal 7 layout (sites/all/modules/<name>/
# <name>.info with `version = "..."`). Drupal 8 modules ship <name>.info.yml
# with `version: '...'`, so this probe likely never matches an affected site;
# treat a clean result as inconclusive.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/menu_export/menu_export.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'menu_export'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding. The constraint has no operator and is not a plain
      # dotted version; confirm compare_versions() handles Drupal's N.x-M.P
      # scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '8.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-mimemail-remote-code-execution.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal mimemail module (remote code execution
# advisory).
id: drupal_module-mimemail-remote-code-execution
info:
  name: drupal_module-mimemail-remote-code-execution
  author: Bishopfox
  # NOTE(review): the security-risk metadata further down rates this Critical
  # (with CI:All/II:All) while severity here is medium; confirm which rating
  # triage should follow.
  severity: medium
  description: "The MIME Mail module allows to send MIME-encoded e-mail messages with embedded images and attachments. The module doesnt sufficiently sanitized some variables for shell arguments when sending email, which could lead to arbitrary remote code execution. This issue is related to the Drupal Core release SA-CORE-2018-006."
# Advisory link plus scoring and search metadata for mimemail (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-068
  metadata:
    security-risk: "Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default"
    vulnerability: "remote-code-execution"
    fofa-query: "/sites/all/modules/mimemail/"
    google-query: "inurl:'/sites/all/modules/mimemail/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/mimemail/mimemail.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.0-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'mimemail'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraint has no operator and is not a plain dotted version;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-mollom-unsupported.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal mollom project, which the description says
# has been marked unsupported with an unfixed security issue.
id: drupal_module-mollom-unsupported
info:
  name: drupal_module-mollom-unsupported
  author: Bishopfox
  # NOTE(review): the description says unsupported projects are marked critical
  # by default, yet severity here is medium; confirm which rating triage
  # should follow.
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466. The security team marks all unsupported projects critical by default."
# Advisory link plus scoring and search metadata for mollom (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-038
  metadata:
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/mollom/"
    google-query: "inurl:'/sites/all/modules/mollom/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/mollom/mollom.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release version strings do not fit
    # the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'mollom'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): presumably a catch-all meant to flag every release of an
      # unsupported project. 99.x-99.99 is not a plain dotted version, so
      # confirm compare_versions() parses it. As an extractor it does not gate
      # the finding either way: the matchers above decide what is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-nvp-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal nvp module (cross-site scripting advisory).
# Per the description, the issue needs a role that can create or edit content
# using the module's fields.
id: drupal_module-nvp-cross-site-scripting
info:
  name: drupal_module-nvp-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "NVP field module allows you to create a field type of name/value pairs, with custom titles and easily editable rendering with customizable HTML/text surrounding the pairs. The module doesnt sufficiently handle sanitization of its field formatters output. This vulnerability is mitigated by the fact that an attacker must have a role with the permission of creating/editing content where the module defined fields are in use."
# Advisory link plus scoring and search metadata for nvp (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-066
  metadata:
    security-risk: "Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/nvp/"
    google-query: "inurl:'/sites/all/modules/nvp/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/nvp/nvp.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Dev or pre-release strings (constructed
    # example: 7.x-1.0-beta1) do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'nvp'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding: any install whose .info file is readable is
      # reported and the version check only shows up in the extracted output.
      # The constraint has no operator and is not a plain dotted version;
      # confirm compare_versions() handles Drupal's N.x-M.P scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '7.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-paragraphs-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal paragraphs module (access-bypass advisory).
id: drupal_module-paragraphs-access-bypass
info:
  name: drupal_module-paragraphs-access-bypass
  author: me
  severity: medium
  description: "The Paragraphs module allows Drupal Site Builders to make content organization cleaner so that you can give more editing power to end-users. The module doesnt sufficiently check access to create new paragraph entities which can cause access bypass issues when used in combination with other contributed modules."
# Advisory link plus scoring and search metadata for paragraphs (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-073
  metadata:
    security-risk: "Moderately critical 10 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/paragraphs/"
    google-query: "inurl:'/sites/all/modules/paragraphs/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file. Only this one
# install path is probed, so a miss does not show the module is absent.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/paragraphs/paragraphs.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body. Each matcher holds a single pattern, so its own
    # `condition: and` has nothing to combine. Dev or pre-release version
    # strings do not fit the regex and are missed.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'paragraphs'
        part: body
        condition: and

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): the constraint is a three-part dotted version, while the
      # regex above only captures N.x-M.P strings, so the two formats do not
      # line up; confirm what compare_versions() returns for such input. As an
      # extractor it does not gate the finding: the matchers above decide what
      # is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.5.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-salesforce-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal salesforce module (access-bypass advisory;
# per the description the exposure is limited to entity titles/IDs and
# Salesforce record IDs).
id: drupal_module-salesforce-access-bypass
info:
  name: drupal_module-salesforce-access-bypass
  author: Bishopfox
  severity: medium
  description: "This module enables Drupal to synchronize entities with Salesforce records. The module includes a page that does not sufficiently protect access rights, resulting in potential information disclosure. This vulnerability is mitigated by the fact that only Drupal entity title and IDs, and Salesforce record IDs are exposed. Entity content and metadata are appropriately protected. Disclosure of Salesforce ID does not confer any additional privileges."
# Advisory link plus scoring and search metadata for salesforce (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-078
  metadata:
    security-risk: "Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/salesforce/"
    google-query: "inurl:'/sites/all/modules/salesforce/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file.
# NOTE(review): the 8.x constraint at the bottom points at a Drupal 8 release,
# but the path and regex follow the Drupal 7 layout (sites/all/modules/<name>/
# <name>.info with `version = "..."`). Drupal 8 modules ship <name>.info.yml
# with `version: '...'`, so this probe likely never matches an affected site;
# treat a clean result as inconclusive.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/salesforce/salesforce.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'salesforce'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding. The constraint has no operator and is not a plain
      # dotted version; confirm compare_versions() handles Drupal's N.x-M.P
      # scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '8.x-3.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-simple_revision-unsupported.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal simple_revision module, which the
# description says targets Drupal 8 and has been marked unsupported with an
# unfixed security issue.
id: drupal_module-simple_revision-unsupported
info:
  name: drupal_module-simple_revision-unsupported
  author: Bishopfox
  # NOTE(review): the description says unsupported modules are marked critical
  # by default, yet severity here is medium; confirm which rating triage
  # should follow.
  severity: medium
  description: "Simple Taxonomy Revision module enables revisions for taxonomy terms for Drupal 8. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466. The security team marks all unsupported modules critical by default."
# Advisory link plus scoring and search metadata for simple_revision (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-025
  metadata:
    security-risk: "Critical 16∕25 AC:None/A:User/CI:Some/II:Some/E:Proof/TD:Default"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/simple_revision/"
    google-query: "inurl:'/sites/all/modules/simple_revision/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file.
# NOTE(review): the template description says this module is for Drupal 8, but
# the path and regex follow the Drupal 7 layout (sites/all/modules/<name>/
# <name>.info with `version = "..."`). Drupal 8 modules ship <name>.info.yml
# with `version: '...'`, so this probe likely never matches an affected site;
# treat a clean result as inconclusive.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/simple_revision/simple_revision.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'simple_revision'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): presumably a catch-all meant to flag every release of an
      # unsupported project. 99.x-99.99 is not a plain dotted version, so
      # confirm compare_versions() parses it. As an extractor it does not gate
      # the finding either way: the matchers above decide what is reported.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-stacks-arbitrary-php-code-execution.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal stacks module (arbitrary PHP code execution
# advisory). Per the description, only sites with the Stacks - Content Feed
# submodule enabled are affected, which this template's probe does not check.
id: drupal_module-stacks-arbitrary-php-code-execution
info:
  name: drupal_module-stacks-arbitrary-php-code-execution
  author: Bishopfox
  # NOTE(review): the security-risk metadata further down rates this Critical
  # while severity here is medium; confirm which rating triage should follow.
  severity: medium
  description: "This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability is mitigated by the fact that only sites with the Stacks - Content Feed submodule enabled are affected."
# Advisory link plus scoring and search metadata for stacks (info block, continued).
  reference:
    - https://www.drupal.org/sa-contrib-2018-001
  metadata:
    security-risk: "Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "arbitrary-php-code-execution"
    fofa-query: "/sites/all/modules/stacks/"
    google-query: "inurl:'/sites/all/modules/stacks/"
    impact: medium
    type: indicator
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

# Unauthenticated GET for the module's .info metadata file.
# NOTE(review): the 8.x constraint at the bottom points at a Drupal 8 release,
# but the path and regex follow the Drupal 7 layout (sites/all/modules/<name>/
# <name>.info with `version = "..."`). Drupal 8 modules ship <name>.info.yml
# with `version: '...'`, so this probe likely never matches an affected site;
# treat a clean result as inconclusive.
http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/stacks/stacks.info"

    # A hit needs all three: a `version = "N.x-M.P"` line, HTTP 200 and the
    # module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'stacks'
        part: body

    extractors:
      # Captures the version string (regex group 1) under the name `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so it does
      # not gate the finding. The constraint has no operator and is not a plain
      # dotted version; confirm compare_versions() handles Drupal's N.x-M.P
      # scheme.
      - type: dsl
        dsl:
          - compare_versions(version, '8.x-1.0')

--------------------------------------------------------------------------------
/templates/2018/drupal_module-tft-access-bypass.yaml:
--------------------------------------------------------------------------------

# Indicator template for the Drupal tft (Taxonomy File Tree) module
# (access-bypass advisory). Per the description, only sites that use private
# files are affected, which this template's probe does not check.
id: drupal_module-tft-access-bypass
info:
  name: drupal_module-tft-access-bypass
  author: Bishopfox
  severity: medium
  description: "Taxonomy File Tree allows site managers to create file trees. For files managed as Drupal files, the module does not properly check that a user has access to a file before letting the user download the file. This vulnerability only affects sites that use private files."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2018-061
10 |   metadata:
11 |     security-risk: "Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/tft/"
14 |     google-query: "inurl:'/sites/all/modules/tft/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/tft/tft.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'tft'  # short token; low specificity on its own
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraint has no comparison operator and keeps Drupal's "N.x-" prefix; confirm compare_versions parses it. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.0')
--------------------------------------------------------------------------------
/templates/2018/drupal_module-uuid-arbitrary-file-upload.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-uuid-arbitrary-file-upload
3 | info:
4 |   name: drupal_module-uuid-arbitrary-file-upload
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This module provides an API for adding universally unique identifiers (UUID) to Drupal objects, most notably entities. The module module has an arbitrary file upload vulnerability when its used in combination with the services REST server. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to allow to upload to the file create REST endpoint."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2018-045
10 |   metadata:
11 |     security-risk: "Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
12 |     vulnerability: "arbitrary-file-upload"
13 |     fofa-query: "/sites/all/modules/uuid/"
14 |     google-query: "inurl:'/sites/all/modules/uuid/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/uuid/uuid.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'uuid'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraint has no comparison operator and keeps Drupal's "N.x-" prefix; confirm compare_versions parses it. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-bat-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-bat-access-bypass
3 | info:
4 |   name: drupal_module-bat-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Bat module provides a foundation through which a wide range of availability management, reservation and booking use cases can be addressed. The routes used to view events dont sufficiently guard access for non-privileged users. Specifically, a user with the View own permission for bat events can view others events as well."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-074
10 |   metadata:
11 |     security-risk: "Moderately critical 11∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/bat/"
14 |     google-query: "inurl:'/sites/all/modules/bat/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/bat/bat.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'bat'  # short token; low specificity on its own
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.1')
52 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-bugsnag-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-bugsnag-unsupported
3 | info:
4 |   name: drupal_module-bugsnag-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-081
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/bugsnag/"
14 |     google-query: "inurl:'/sites/all/modules/bugsnag/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/bugsnag/bugsnag.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'bugsnag'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): '<= 99.x-99.99' reads as a catch-all upper bound for an unsupported project; confirm compare_versions parses Drupal's "N.x-" form.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-commerce_ingenico-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-commerce_ingenico-unsupported
3 | info:
4 |   name: drupal_module-commerce_ingenico-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-089
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/commerce_ingenico/"
14 |     google-query: "inurl:'/sites/all/modules/commerce_ingenico/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/commerce_ingenico/commerce_ingenico.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'commerce_ingenico'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): '<= 99.x-99.99' reads as a catch-all upper bound for an unsupported project; confirm compare_versions parses Drupal's "N.x-" form.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-config_perms-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-config_perms-access-bypass
3 | info:
4 |   name: drupal_module-config_perms-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This module enables you to add and manage additional custom permissions through the administration UI. The module doesnt sufficiently check for the proper access permissions to this page. This vulnerability is mitigated by the fact that an attacker must know the route of the Custom Permissions administration form though this is easily known."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-055
10 |   metadata:
11 |     security-risk: "Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/config_perms/"
14 |     google-query: "inurl:'/sites/all/modules/config_perms/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/config_perms/config_perms.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'config_perms'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.1')
52 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-elf-open-redirect-vulnerability.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-elf-open-redirect-vulnerability
3 | info:
4 |   name: drupal_module-elf-open-redirect-vulnerability
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL. The module did not have protection for the Redirect URL to go where content authors intended."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-063
10 |   metadata:
11 |     security-risk: "Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All"
12 |     vulnerability: "open-redirect-vulnerability"
13 |     fofa-query: "/sites/all/modules/elf/"
14 |     google-query: "inurl:'/sites/all/modules/elf/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/elf/elf.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while two of the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'elf'  # short token; low specificity on its own
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.1')
52 |           - compare_versions(version, '8.x-1.0')
53 |           - compare_versions(version, '7.x-3.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-faq-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-faq-unsupported
3 | info:
4 |   name: drupal_module-faq-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-077
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/faq/"
14 |     google-query: "inurl:'/sites/all/modules/faq/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/faq/faq.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'faq'  # short token; low specificity on its own
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): '<= 99.x-99.99' reads as a catch-all upper bound for an unsupported project; confirm compare_versions parses Drupal's "N.x-" form.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-fb_messenger_customer_chat_plugin-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-fb_messenger_customer_chat_plugin-access-bypass
3 | info:
4 |   name: drupal_module-fb_messenger_customer_chat_plugin-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Facebook Messenger Customer Chat Plugin module enables you to add the Facebook Messenger Customer Chat Plugin to your Drupal site. The module doesnt require user permissions on the admin page."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-059
10 |   metadata:
11 |     security-risk: "Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/fb_messenger_customer_chat_plugin/"
14 |     google-query: "inurl:'/sites/all/modules/fb_messenger_customer_chat_plugin/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/fb_messenger_customer_chat_plugin/fb_messenger_customer_chat_plugin.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'fb_messenger_customer_chat_plugin'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraint has no comparison operator and keeps Drupal's "N.x-" prefix; confirm compare_versions parses it. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-imagecache_external-insecure-session-token-management.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-imagecache_external-insecure-session-token-management
3 | info:
4 |   name: drupal_module-imagecache_external-insecure-session-token-management
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This module that allows you to store external images on your server and apply your own Image Styles. The module exposes cookies to external sites when making external image requests. This vulnerability is mitigated by using the whitelisted host feature to restrict external image requests from trusted sources."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-065
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "insecure-session-token-management"
13 |     fofa-query: "/sites/all/modules/imagecache_external/"
14 |     google-query: "inurl:'/sites/all/modules/imagecache_external/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/imagecache_external/imagecache_external.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraint below names an 8.x release; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'imagecache_external'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraint has no comparison operator and keeps Drupal's "N.x-" prefix; confirm compare_versions parses it. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-jsonapi-remote-code-execution.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-jsonapi-remote-code-execution
3 | info:
4 |   name: drupal_module-jsonapi-remote-code-execution
5 |   author: me
6 |   severity: medium
7 |   description: "This resolves issues described in SA-CORE-2019-003 for this module."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-019
10 |   metadata:
11 |     security-risk: "Highly critical 25 ∕ 25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:All"  # NOTE(review): advisory rates this Highly critical (25 of 25), but severity above is "medium"
12 |     vulnerability: "remote-code-execution"
13 |     fofa-query: "/sites/all/modules/jsonapi/"
14 |     google-query: "inurl:'/sites/all/modules/jsonapi/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/jsonapi/jsonapi.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |         condition: and
34 | # Each matcher below carries its own "condition: and" although it lists a single value.
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'jsonapi'
43 |         part: body
44 |         condition: and
45 | # Extractors report values only; they do not affect whether the template matches.
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 | # NOTE(review): the constraint string looks malformed: '>=2.0.0 >2.3.0' has no separator and the second bound presumably should be '<'. The extracted value also keeps the "N.x-" prefix; confirm compare_versions accepts both. As written, any exposed version string is reported.
54 |       - type: dsl
55 |         dsl:
56 |           - compare_versions(version, '<= 1.25.0 || >=2.0.0 >2.3.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-link-remote-code-execution.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-link-remote-code-execution
3 | info:
4 |   name: drupal_module-link-remote-code-execution
5 |   author: me
6 |   severity: medium
7 |   description: "This resolves issues described in SA-CORE-2019-003 for this module. Not all configurations are affected. See SA-CORE-2019-003 for details."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-020
10 |   metadata:
11 |     security-risk: "Critical 18 ∕ 25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Uncommon"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "remote-code-execution"
13 |     fofa-query: "/sites/all/modules/link/"
14 |     google-query: "inurl:'/sites/all/modules/link/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/link/link.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |         condition: and
34 | # Each matcher below carries its own "condition: and" although it lists a single value.
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'link'  # short, common token; low specificity on its own
43 |         part: body
44 |         condition: and
45 | # Extractors report values only; they do not affect whether the template matches.
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 | # NOTE(review): '9.x-99.99' looks like a placeholder rather than an affected release, and it has no comparison operator; confirm the intended range. As written, any exposed version string is reported.
54 |       - type: dsl
55 |         dsl:
56 |           - compare_versions(version, '9.x-99.99')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-modal_page-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-modal_page-access-bypass
3 | info:
4 |   name: drupal_module-modal_page-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This project enables administrators to create modal dialogs. The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-094
10 |   metadata:
11 |     security-risk: "Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/modal_page/"
14 |     google-query: "inurl:'/sites/all/modules/modal_page/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/modal_page/modal_page.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'modal_page'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-2.4')
52 |           - compare_versions(version, '8.x-2.3')
53 |           - compare_versions(version, '8.x-2.2')
54 |           - compare_versions(version, '8.x-2.1')
55 |           - compare_versions(version, '8.x-2.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-nexus-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-nexus-unsupported
3 | info:
4 |   name: drupal_module-nexus-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-078
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/nexus/"
14 |     google-query: "inurl:'/sites/all/modules/nexus/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/nexus/nexus.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'nexus'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): '<= 99.x-99.99' reads as a catch-all upper bound for an unsupported project; confirm compare_versions parses Drupal's "N.x-" form.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-noggin-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-noggin-unsupported
3 | info:
4 |   name: drupal_module-noggin-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "Update - 2021-01-22 This maintainer has fixed this security issue. Please install https://www.drupal.org/project/noggin/releases/7.x-1.2 to resolve the issue. The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-080
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "unsupported"  # NOTE(review): the description above says release 7.x-1.2 fixes the issue, yet the template is still labelled "unsupported"
13 |     fofa-query: "/sites/all/modules/noggin/"
14 |     google-query: "inurl:'/sites/all/modules/noggin/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/noggin/noggin.info"
26 |
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'noggin'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported, including the fixed 7.x-1.2 named in the description.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '7.x-1.1')
52 |           - compare_versions(version, '7.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-opigno_forum-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-opigno_forum-access-bypass
3 | info:
4 |   name: drupal_module-opigno_forum-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "In certain circumstances it is possible that certain forum information is available to unprivileged users because the access check is done with node access instead of grants. This vulnerability is mitigated by the fact that the module itself does not disclose information but only if there are listings such as views where the site builder / developer has not taken this into account."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-046
10 |   metadata:
11 |     security-risk: "Less critical 9∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Uncommon"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/opigno_forum/"
14 |     google-query: "inurl:'/sites/all/modules/opigno_forum/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/opigno_forum/opigno_forum.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'opigno_forum'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.1')
52 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-opigno_learning_path-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-opigno_learning_path-access-bypass
3 | info:
4 |   name: drupal_module-opigno_learning_path-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "In certain configuration cases, when a learning path is configured as semi-private, anonymous users are allowed to join a learning path when they should not."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-047
10 |   metadata:
11 |     security-risk: "Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/opigno_learning_path/"
14 |     google-query: "inurl:'/sites/all/modules/opigno_learning_path/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/opigno_learning_path/opigno_learning_path.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'opigno_learning_path'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.3')
52 |           - compare_versions(version, '8.x-1.2')
53 |           - compare_versions(version, '8.x-1.1')
54 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-paragraphs-remote-code-execution.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-paragraphs-remote-code-execution
3 | info:
4 |   name: drupal_module-paragraphs-remote-code-execution
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This resolves issues described in SA-CORE-2019-003 for this module. Not all configurations are affected. See SA-CORE-2019-003 for details."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2019-023
10 |   metadata:
11 |     security-risk: "Critical 18∕25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Uncommon"  # NOTE(review): advisory rates this Critical, but severity above is "medium"
12 |     vulnerability: "remote-code-execution"
13 |     fofa-query: "/sites/all/modules/paragraphs/"
14 |     google-query: "inurl:'/sites/all/modules/paragraphs/"  # NOTE(review): the quote opened after inurl: is never closed
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # NOTE(review): zero-value timestamp; looks unset
18 |   tags: drupal
19 | # Single GET for the module's .info file; matchers-condition "and" requires all three matchers below.
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/paragraphs/paragraphs.info"
26 | # NOTE(review): /sites/all/modules/ and 'version = "..."' are the Drupal 7 layout and .info syntax, while the constraints below name 8.x releases; confirm the probe can reach those installs.
27 |     matchers-condition: and
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'paragraphs'
39 |         part: body
40 | # Extractors report values only; they do not affect whether the template matches.
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 | # NOTE(review): constraints have no comparison operator and keep Drupal's "N.x-" prefix; confirm compare_versions parses them. As written, any exposed version string is reported.
49 |       - type: dsl
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.5')
52 |           - compare_versions(version, '8.x-1.4')
53 |           - compare_versions(version, '8.x-1.3')
54 |           - compare_versions(version, '8.x-1.2')
55 |           - compare_versions(version, '8.x-1.1')
56 |           - compare_versions(version, '8.x-1.0')
--------------------------------------------------------------------------------
/templates/2019/drupal_module-preview_link-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-preview_link-access-bypass
3 | info:
4 |   name: drupal_module-preview_link-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content. The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2019-004 10 | metadata: 11 | security-risk: "Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/preview_link/" 14 | google-query: "inurl:'/sites/all/modules/preview_link/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/preview_link/preview_link.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'preview_link' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.0') 52 | -------------------------------------------------------------------------------- /templates/2019/drupal_module-sendinblue-unsupported.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-sendinblue-unsupported 3 | info: 4 | name: drupal_module-sendinblue-unsupported 5 | author: Bishopfox 6 | severity: medium 7 | description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. 
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported" 8 | reference: 9 | - https://www.drupal.org/sa-contrib-2019-088 10 | metadata: 11 | security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All" 12 | vulnerability: "unsupported" 13 | fofa-query: "/sites/all/modules/sendinblue/" 14 | google-query: "inurl:'/sites/all/modules/sendinblue/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/sendinblue/sendinblue.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'sendinblue' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '<= 99.x-99.99') 52 | -------------------------------------------------------------------------------- /templates/2019/drupal_module-tablefield-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-tablefield-access-bypass 3 | info: 4 | name: drupal_module-tablefield-access-bypass 5 | author: Bishopfox 6 | severity: medium 7 | description: "This module allows you to attach tabular data to an entity. There is insufficient access checking for users with the ability to Export Tablefield Data as CSV. They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must have a role with the permission Export Tablefield Data as CSV." 
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2019-067 10 | metadata: 11 | security-risk: "Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/tablefield/" 14 | google-query: "inurl:'/sites/all/modules/tablefield/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/tablefield/tablefield.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'tablefield' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-2.0') 52 | -------------------------------------------------------------------------------- /templates/2019/drupal_module-tmgmt-remote-code-execution.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-tmgmt-remote-code-execution 3 | info: 4 | name: drupal_module-tmgmt-remote-code-execution 5 | author: Bishopfox 6 | severity: medium 7 | description: "This resolves issues described in SA-CORE-2019-003 for this module. Not all configurations are affected. See SA-CORE-2019-003 for details." 
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2019-024 10 | metadata: 11 | security-risk: "Critical 16∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Uncommon" 12 | vulnerability: "remote-code-execution" 13 | fofa-query: "/sites/all/modules/tmgmt/" 14 | google-query: "inurl:'/sites/all/modules/tmgmt/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/tmgmt/tmgmt.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'tmgmt' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.6') 52 | - compare_versions(version, '8.x-1.5') 53 | - compare_versions(version, '8.x-1.4') 54 | - compare_versions(version, '8.x-1.3') 55 | - compare_versions(version, '8.x-1.2') 56 | - compare_versions(version, '8.x-1.1') 57 | - compare_versions(version, '8.x-1.0') 58 | -------------------------------------------------------------------------------- /templates/2019/drupal_module-views-cross-site-scripting.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-views-cross-site-scripting 3 | info: 4 | name: drupal_module-views-cross-site-scripting 5 | author: me 6 | severity: medium 7 | description: "This module enables you to create customized lists of data. The module doesn't sufficiently sanitize certain field types, leading to a Cross Site Scripting (XSS) vulnerability. 
This vulnerability is mitigated by the fact that a view must display a field with the format Full data (serialized) and an attacker must have the ability to store malicious markup in that field." 8 | reference: 9 | - https://www.drupal.org/sa-contrib-2019-036 10 | metadata: 11 | security-risk: "Less critical 7 ∕ 25 AC:Complex/A:None/CI:None/II:None/E:Theoretical/TD:Uncommon" 12 | vulnerability: "cross-site-scripting" 13 | fofa-query: "/sites/all/modules/views/" 14 | google-query: "inurl:'/sites/all/modules/views/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/views/views.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'views' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '9.x-99.99') 57 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-examples-remote-code-execution.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-examples-remote-code-execution 3 | info: 4 | name: drupal_module-examples-remote-code-execution 5 | author: Bishopfox 6 | severity: medium 7 | description: "The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. 
Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can be added back in the future." 8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-035 10 | metadata: 11 | security-risk: "Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default" 12 | vulnerability: "remote-code-execution" 13 | fofa-query: "/sites/all/modules/examples/" 14 | google-query: "inurl:'/sites/all/modules/examples/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/examples/examples.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'examples' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '3.0.1') 52 | - compare_versions(version, '3.0.0') 53 | - compare_versions(version, '8.x-1.0') 54 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-group-information-disclosure.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-group-information-disclosure 3 | info: 4 | name: drupal_module-group-information-disclosure 5 | author: me 6 | severity: medium 7 | description: "The Group module enables you to hand out permissions on a smaller subset, section or community of your website. With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-032 10 | metadata: 11 | security-risk: "Moderately critical 12 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default" 12 | vulnerability: "information-disclosure" 13 | fofa-query: "/sites/all/modules/group/" 14 | google-query: "inurl:'/sites/all/modules/group/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/group/group.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'group' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '<= 1.2.0') 57 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-modal_form-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-modal_form-access-bypass 3 | info: 4 | name: drupal_module-modal_form-access-bypass 5 | author: Bishopfox 6 | severity: medium 7 | description: "The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modal_form module is installed. The only requirement is to know the form's fully-qualified class name."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-029 10 | metadata: 11 | security-risk: "Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/modal_form/" 14 | google-query: "inurl:'/sites/all/modules/modal_form/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/modal_form/modal_form.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'modal_form' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.0') 52 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-oauth_server_sso-sql-injection.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-oauth_server_sso-sql-injection 3 | info: 4 | name: drupal_module-oauth_server_sso-sql-injection 5 | author: Bishopfox 6 | severity: medium 7 | description: "This module enables you to log in to any OAuth 2.0 compliant application using Drupal credentials. The 8.x branch of the module is vulnerable to SQL injection."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-034 10 | metadata: 11 | security-risk: "Moderately critical 12∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Default" 12 | vulnerability: "sql-injection" 13 | fofa-query: "/sites/all/modules/oauth_server_sso/" 14 | google-query: "inurl:'/sites/all/modules/oauth_server_sso/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/oauth_server_sso/oauth_server_sso.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'oauth_server_sso' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.0') 52 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-prlp-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-prlp-access-bypass 3 | info: 4 | name: drupal_module-prlp-access-bypass 5 | author: Bishopfox 6 | severity: medium 7 | description: "This module enables you to force a password update when using password reset link. The module doesn't sufficiently validate the login URL, allowing a malicious user to use a specially crafted URL to log in as another user."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-021 10 | metadata: 11 | security-risk: "Highly critical 20∕25 AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/prlp/" 14 | google-query: "inurl:'/sites/all/modules/prlp/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/prlp/prlp.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'prlp' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.4') 52 | - compare_versions(version, '8.x-1.3') 53 | - compare_versions(version, '8.x-1.2') 54 | - compare_versions(version, '8.x-1.1') 55 | - compare_versions(version, '8.x-1.0') 56 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-profile-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-profile-access-bypass 3 | info: 4 | name: drupal_module-profile-access-bypass 5 | author: Bishopfox 6 | severity: medium 7 | description: "The Profile module enables you to allow users to have configurable user profiles. The module doesn't sufficiently check access when creating a user profile. Users with the create profiles permission could create profiles for any users."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-004 10 | metadata: 11 | security-risk: "Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/profile/" 14 | google-query: "inurl:'/sites/all/modules/profile/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/profile/profile.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'profile' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '1.0.0') 52 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-spamicide-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-spamicide-access-bypass 3 | info: 4 | name: drupal_module-spamicide-access-bypass 5 | author: Bishopfox 6 | severity: medium 7 | description: "The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages, leading to an Access Bypass."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-009 10 | metadata: 11 | security-risk: "Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/spamicide/" 14 | google-query: "inurl:'/sites/all/modules/spamicide/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/spamicide/spamicide.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'spamicide' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '7.x-1.2') 52 | - compare_versions(version, '7.x-1.1') 53 | - compare_versions(version, '7.x-1.0') 54 | -------------------------------------------------------------------------------- /templates/2020/drupal_module-spamspan-cross-site-scripting.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-spamspan-cross-site-scripting 3 | info: 4 | name: drupal_module-spamspan-cross-site-scripting 5 | author: Bishopfox 6 | severity: medium 7 | description: "The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. This module contains a spamspan twig filter which doesn't sanitize the passed HTML string. This vulnerability is mitigated by the fact that sites must have custom twig template files that use the SpamSpan filter on a field that an attacker could populate. By default the SpamSpan module does not use the vulnerable twig filter."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2020-002 10 | metadata: 11 | security-risk: "Moderately critical 11∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon" 12 | vulnerability: "cross-site-scripting" 13 | fofa-query: "/sites/all/modules/spamspan/" 14 | google-query: "inurl:'/sites/all/modules/spamspan/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/spamspan/spamspan.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'spamspan' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-1.0') 52 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-commerce-multiple-issues.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-commerce-multiple-issues 3 | info: 4 | name: drupal_module-commerce-multiple-issues 5 | author: me 6 | severity: medium 7 | description: "This module provides a system for building an ecommerce solution in their Drupal site. The module doesn't sufficiently verify access to profile data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2021-032 10 | metadata: 11 | security-risk: "Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All" 12 | vulnerability: "multiple-issues" 13 | fofa-query: "/sites/all/modules/commerce/" 14 | google-query: "inurl:'/sites/all/modules/commerce/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/commerce/commerce.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'commerce' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '<= 2.27.0') 57 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-cshs-cross-site-scripting.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-cshs-cross-site-scripting 3 | info: 4 | name: drupal_module-cshs-cross-site-scripting 5 | author: me 6 | severity: medium 7 | description: "The module provides a field widget for selecting taxonomy terms in a hierarchical fashion. The module doesn't sanitize user input in certain cases, leading to a possible Cross-Site-Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission to create or edit taxonomy terms to which the widget may apply."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2021-031 10 | metadata: 11 | security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default" 12 | vulnerability: "cross-site-scripting" 13 | fofa-query: "/sites/all/modules/cshs/" 14 | google-query: "inurl:'/sites/all/modules/cshs/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/cshs/cshs.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'cshs' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '<= 3.5.0') 57 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-domain_group-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-domain_group-access-bypass 3 | info: 4 | name: drupal_module-domain_group-access-bypass 5 | author: me 6 | severity: medium 7 | description: "This module enables sites to define a domain from Domain Access that points directly to a group page. The module doesn't sufficiently manage the access to content administrative paths, allowing an attacker to see and take actions on content (nodes) they should be allowed to."
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2021-037 10 | metadata: 11 | security-risk: "Critical 18 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All" 12 | vulnerability: "access-bypass" 13 | fofa-query: "/sites/all/modules/domain_group/" 14 | google-query: "inurl:'/sites/all/modules/domain_group/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/domain_group/domain_group.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'domain_group' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '<= 1.4.0 || 2.0.0') 57 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-graphql-information-disclosure.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-graphql-information-disclosure 3 | info: 4 | name: drupal_module-graphql-information-disclosure 5 | author: Bishopfox 6 | severity: medium 7 | description: "This module lets you craft and expose a GraphQL web service API. The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability. This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API." 
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2021-013 10 | metadata: 11 | security-risk: "Moderately critical 11∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon" 12 | vulnerability: "information-disclosure" 13 | fofa-query: "/sites/all/modules/graphql/" 14 | google-query: "inurl:'/sites/all/modules/graphql/" 15 | impact: medium 16 | type: indicator 17 | created_at: '0001-01-01T00:00:00Z' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/graphql/graphql.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | - type: status 34 | status: 35 | - 200 36 | - type: word 37 | words: 38 | - 'graphql' 39 | part: body 40 | 41 | extractors: 42 | - type: regex 43 | name: version 44 | part: body 45 | group: 1 46 | regex: 47 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 48 | 49 | - type: dsl 50 | dsl: 51 | - compare_versions(version, '8.x-4.0') 52 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-linkit-cross-site-scripting.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-linkit-cross-site-scripting 3 | info: 4 | name: drupal_module-linkit-cross-site-scripting 5 | author: me 6 | severity: medium 7 | description: "Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle." 
8 | reference: 9 | - https://www.drupal.org/sa-contrib-2021-042 10 | metadata: 11 | security-risk: "Moderately critical 12 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default" 12 | vulnerability: "cross-site-scripting" 13 | fofa-query: "/sites/all/modules/linkit/" 14 | google-query: "inurl:'/sites/all/modules/linkit/" 15 | impact: medium 16 | type: indicator 17 | created_at: '2025-01-09' 18 | tags: drupal 19 | 20 | http: 21 | - method: GET 22 | redirects: true 23 | max-redirects: 3 24 | path: 25 | - "{{BaseURL}}/sites/all/modules/linkit/linkit.info" 26 | 27 | matchers-condition: and 28 | matchers: 29 | - type: regex 30 | part: body 31 | regex: 32 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 33 | condition: and 34 | 35 | - type: status 36 | status: 37 | - 200 38 | condition: and 39 | 40 | - type: word 41 | words: 42 | - 'linkit' 43 | part: body 44 | condition: and 45 | 46 | extractors: 47 | - type: regex 48 | name: version 49 | part: body 50 | group: 1 51 | regex: 52 | - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"' 53 | 54 | - type: dsl 55 | dsl: 56 | - compare_versions(version, '<= 4.4.0') 57 | -------------------------------------------------------------------------------- /templates/2021/drupal_module-mail_login-access-bypass.yaml: -------------------------------------------------------------------------------- 1 | 2 | id: drupal_module-mail_login-access-bypass 3 | info: 4 | name: drupal_module-mail_login-access-bypass 5 | author: me 6 | severity: medium 7 | description: "This module enables users to log in via email address. This module does not sufficiently check user status when authenticating."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2021-047
  metadata:
    security-risk: "Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/mail_login/"
    google-query: "inurl:'/sites/all/modules/mail_login/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/mail_login/mail_login.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'mail_login'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Also confirm the captured value, which keeps its "N.x-" prefix,
      # compares cleanly against this plain bound.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 2.5.0')

--------------------------------------------------------------------------------
/templates/2021/drupal_module-search_api_page-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the search_api_page module's .info file; request and matchers follow the info: block.
id: drupal_module-search_api_page-cross-site-scripting
info:
  name: drupal_module-search_api_page-cross-site-scripting
  author: me
  severity: medium
  description: "This module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates. This vulnerability is mitigated by the fact that the default template provided by the module is not affected."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2021-046
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/search_api_page/"
    google-query: "inurl:'/sites/all/modules/search_api_page/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/search_api_page/search_api_page.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'search_api_page'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; '9.x-99.99' looks like a sentinel, confirm the intent.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2021/drupal_module-subgroup-access-bypass.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the subgroup module's .info file; request and matchers follow the info: block.
id: drupal_module-subgroup-access-bypass
info:
  name: drupal_module-subgroup-access-bypass
  author: Bishopfox
  severity: medium
  description: "This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree. When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group, rather than a direct ancestor or descendant. Trees with only multiple nodes at the lowest tier (or nowhere) are unaffected."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2021-003
  metadata:
    security-risk: "Less critical 9∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/subgroup/"
    google-query: "inurl:'/sites/all/modules/subgroup/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/subgroup/subgroup.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'subgroup'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; confirm that is intended.
      - type: dsl
        dsl:
          - compare_versions(version, '1.0.0')

--------------------------------------------------------------------------------
/templates/2021/drupal_module-tb_megamenu-cross-site-request-forgery.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the tb_megamenu module's .info file; request and matchers follow the info: block.
id: drupal_module-tb_megamenu-cross-site-request-forgery
info:
  name: drupal_module-tb_megamenu-cross-site-request-forgery
  author: me
  severity: medium
  description: "This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not use CSRF tokens to protect routes for saving menu configurations. This vulnerability can be exploited by an anonymous user."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2021-040
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-request-forgery"
    fofa-query: "/sites/all/modules/tb_megamenu/"
    google-query: "inurl:'/sites/all/modules/tb_megamenu/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/tb_megamenu/tb_megamenu.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'tb_megamenu'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Also confirm the captured value, which keeps its "N.x-" prefix,
      # compares cleanly against this plain bound.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.4.0')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-admin_toolbar_search-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the admin_toolbar_search module's .info file; request and matchers follow the info: block.
id: drupal_module-admin_toolbar_search-unsupported
info:
  name: drupal_module-admin_toolbar_search-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-008
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/admin_toolbar_search/"
    google-query: "inurl:'/sites/all/modules/admin_toolbar_search/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/admin_toolbar_search/admin_toolbar_search.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'admin_toolbar_search'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '<= =' holds two operators and looks malformed; '99.x-99.99' presumably
      # stands for "every release". Confirm the constraint parses at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= = 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-anonymousredirect-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the anonymousredirect module's .info file; request and matchers follow the info: block.
id: drupal_module-anonymousredirect-unsupported
info:
  name: drupal_module-anonymousredirect-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-005
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/anonymousredirect/"
    google-query: "inurl:'/sites/all/modules/anonymousredirect/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/anonymousredirect/anonymousredirect.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'anonymousredirect'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '<= =' holds two operators and looks malformed; '99.x-99.99' presumably
      # stands for "every release". Confirm the constraint parses at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= = 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-cleantalk-sql-injection.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the cleantalk module's .info file; request and matchers follow the info: block.
id: drupal_module-cleantalk-sql-injection
info:
  name: drupal_module-cleantalk-sql-injection
  author: me
  severity: medium
  description: "This module provides integration with the CleanTalk spam protection service. The module does not properly filter data in certain circumstances.
Update: 2022-03-31 - fix release node links"
  reference:
    - https://www.drupal.org/sa-contrib-2022-032
  metadata:
    security-risk: "Moderately critical 14 ∕ 25 AC:Basic/A:None/CI:None/II:All/E:Theoretical/TD:Default"
    vulnerability: "sql-injection"
    fofa-query: "/sites/all/modules/cleantalk/"
    google-query: "inurl:'/sites/all/modules/cleantalk/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/cleantalk/cleantalk.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'cleantalk'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Two ranges are packed into one string with '||'; confirm that
      # compare_versions accepts that form.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 4.15.0 || >=9.1.0 <= 9.1.21')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-cog-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the cog module's .info file; request and matchers follow the info: block.
id: drupal_module-cog-unsupported
info:
  name: drupal_module-cog-unsupported
  author: Bishopfox
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-018
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/cog/"
    google-query: "inurl:'/sites/all/modules/cog/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/cog/cog.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'cog'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '99.x-99.99' presumably stands for "every release"; confirm it parses
      # as a version.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-context-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the context module's .info file; request and matchers follow the info: block.
id: drupal_module-context-cross-site-scripting
info:
  name: drupal_module-context-cross-site-scripting
  author: me
  severity: medium
  description: "This module enables you to conditionally display blocks in particular theme regions. The module doesnt sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer blocks."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-049
  metadata:
    security-risk: "Moderately critical 12 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/context/"
    google-query: "inurl:'/sites/all/modules/context/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/context/context.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'context'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; '9.x-99.99' looks like a sentinel, confirm the intent.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-custom_breadcrumbs-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the custom_breadcrumbs module's .info file; request and matchers follow the info: block.
id: drupal_module-custom_breadcrumbs-cross-site-scripting
info:
  name: drupal_module-custom_breadcrumbs-cross-site-scripting
  author: Bishopfox
  severity: medium
  description: "The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail. The module doesnt sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission Administer custom breadcrumbs permission."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-024
  metadata:
    security-risk: "Less critical 8∕25 AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/custom_breadcrumbs/"
    google-query: "inurl:'/sites/all/modules/custom_breadcrumbs/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/custom_breadcrumbs/custom_breadcrumbs.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'custom_breadcrumbs'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; confirm that is intended.
      - type: dsl
        dsl:
          - compare_versions(version, '1.0.0')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-exif-remote-code-execution.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the exif module's .info file; request and matchers follow the info: block.
id: drupal_module-exif-remote-code-execution
info:
  name: drupal_module-exif-remote-code-execution
  author: me
  severity: medium
  description: "This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures. The module doesnt sufficiently protect against malicious files being used to attack the site. This vulnerability is mitigated by the fact that an attacker must have permission to upload images to the site."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-015
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 18 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:All"
    vulnerability: "remote-code-execution"
    fofa-query: "/sites/all/modules/exif/"
    google-query: "inurl:'/sites/all/modules/exif/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/exif/exif.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'exif'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Two ranges are packed into one string with '||'; confirm that
      # compare_versions accepts that form.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.3.0 || >=2.0.0 <= 2.3.0')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-expire_reset_pass_link-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the expire_reset_pass_link module's .info file; request and matchers follow the info: block.
id: drupal_module-expire_reset_pass_link-unsupported
info:
  name: drupal_module-expire_reset_pass_link-unsupported
  author: Bishopfox
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-009
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/expire_reset_pass_link/"
    google-query: "inurl:'/sites/all/modules/expire_reset_pass_link/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/expire_reset_pass_link/expire_reset_pass_link.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'expire_reset_pass_link'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '99.x-99.99' presumably stands for "every release"; confirm it parses
      # as a version.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-h5p-remote-code-execution.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the h5p module's .info file; request and matchers follow the info: block.
id: drupal_module-h5p-remote-code-execution
info:
  name: drupal_module-h5p-remote-code-execution
  author: me
  severity: medium
  description: "This module enables you to create interactive content. The module doesnt sufficiently stop path traversal attacks through zipped filenames for the uploadable .h5p files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission update h5p libraries. In addition, it is only exploitable on Windows servers."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-064
  metadata:
    security-risk: "Moderately critical 12 ∕ 25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
    vulnerability: "remote-code-execution"
    fofa-query: "/sites/all/modules/h5p/"
    google-query: "inurl:'/sites/all/modules/h5p/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/h5p/h5p.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'h5p'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; '9.x-99.99' looks like a sentinel, confirm the intent.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-image_export_import-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the image_export_import module's .info file; request and matchers follow the info: block.
id: drupal_module-image_export_import-unsupported
info:
  name: drupal_module-image_export_import-unsupported
  author: Bishopfox
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-021
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/image_export_import/"
    google-query: "inurl:'/sites/all/modules/image_export_import/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/image_export_import/image_export_import.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'image_export_import'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '99.x-99.99' presumably stands for "every release"; confirm it parses
      # as a version.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-media_entity_flickr-unsupported.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the media_entity_flickr module's .info file; request and matchers follow the info: block.
id: drupal_module-media_entity_flickr-unsupported
info:
  name: drupal_module-media_entity_flickr-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
  reference:
    - https://www.drupal.org/sa-contrib-2022-017
  metadata:
    # NOTE(review): the advisory rating below is "Critical" but info.severity
    # is medium; confirm which one triage should follow.
    security-risk: "Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/media_entity_flickr/"
    google-query: "inurl:'/sites/all/modules/media_entity_flickr/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/media_entity_flickr/media_entity_flickr.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'media_entity_flickr'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # '<= =' holds two operators and looks malformed; '99.x-99.99' presumably
      # stands for "every release". Confirm the constraint parses at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= = 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-navbar-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the navbar module's .info file; request and matchers follow the info: block.
id: drupal_module-navbar-cross-site-scripting
info:
  name: drupal_module-navbar-cross-site-scripting
  author: me
  severity: medium
  description: "This module provides a very simple, mobile-friendly navigation toolbar. The module doesnt sufficiently check for user-provided input.
This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default Filtered HTML format) that wont filter out the exploit code."
  reference:
    - https://www.drupal.org/sa-contrib-2022-011
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/navbar/"
    google-query: "inurl:'/sites/all/modules/navbar/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/navbar/navbar.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'navbar'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # The constraint carries no operator, so it is presumably read as an
      # exact-version test; '9.x-99.99' looks like a sentinel, confirm the intent.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-opigno_learning_path-access-bypass.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the opigno_learning_path module's .info file; request and matchers follow the info: block.
id: drupal_module-opigno_learning_path-access-bypass
info:
  name: drupal_module-opigno_learning_path-access-bypass
  author: me
  severity: medium
  description: "This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS. The module was providing too much user information about users such as the list of groups a uid is in."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-029
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/opigno_learning_path/"
    google-query: "inurl:'/sites/all/modules/opigno_learning_path/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/opigno_learning_path/opigno_learning_path.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'opigno_learning_path'
        part: body
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Also confirm the captured value, which keeps its "N.x-" prefix,
      # compares cleanly against this plain bound.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 3.0.1')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-pdf_api-remote-code-execution.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the pdf_api module's .info file; request and matchers follow the info: block.
id: drupal_module-pdf_api-remote-code-execution
info:
  name: drupal_module-pdf_api-remote-code-execution
  author: Bishopfox
  severity: medium
  description: "This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes."
# Rest of this template's info: block, followed by its single GET request.
  reference:
    - https://www.drupal.org/sa-contrib-2022-050
  metadata:
    security-risk: "Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
    vulnerability: "remote-code-execution"
    fofa-query: "/sites/all/modules/pdf_api/"
    google-query: "inurl:'/sites/all/modules/pdf_api/"
    impact: medium
    type: indicator
    # NOTE(review): looks like an unset placeholder timestamp; confirm.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Only this one location is requested. NOTE(review): a site that keeps the
    # module elsewhere (for example modules/contrib/ with a .info.yml file, as
    # Drupal 8+ does) is not seen; confirm the intended coverage.
    path:
      - "{{BaseURL}}/sites/all/modules/pdf_api/pdf_api.info"

    # All three matchers must pass: a quoted version line in the body, HTTP 200
    # and the module name in the body. None of them tests which version it is.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'pdf_api'
        part: body

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): this comparison is an extractor, not a matcher, so going
      # by the matchers above a host serving this file is reported whatever
      # its version; to report only affected releases it belongs in a dsl matcher.
      # Four exact versions are listed, one entry each and with no operator;
      # confirm how several dsl entries combine in an extractor.
      - type: dsl
        dsl:
          - compare_versions(version, '2.2.1')
          - compare_versions(version, '2.2.0')
          - compare_versions(version, '2.1.0')
          - compare_versions(version, '2.0.0')

--------------------------------------------------------------------------------
/templates/2022/drupal_module-registration-access-bypass.yaml:
--------------------------------------------------------------------------------

# Reports hosts that expose the registration module's .info file; request and matchers follow the info: block.
id: drupal_module-registration-access-bypass
info:
  name: drupal_module-registration-access-bypass
  author: me
  severity: medium
  description: "This module enables you to create registration entities related to nodes. The module doesnt sufficiently restrict update access to a users own registrations. This vulnerability is mitigated by the fact that an attacker must have the update own [registration type] permission."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-063
10 |   metadata:
11 |     security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/registration/"
14 |     google-query: "inurl:'/sites/all/modules/registration/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/registration/registration.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'registration'  # generic word; adds little beyond the regex matcher
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '9.x-99.99')  # NOTE(review): looks like a placeholder with no operator — confirm the affected range against the advisory
57 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-social-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-social-access-bypass
3 | info:
4 |   name: drupal_module-social-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "Social Private Message module allows users on the platform to allow users to send private messages to each other. The module does not properly perform the correct access checks for certain operations."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-062
10 |   metadata:
11 |     security-risk: "Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/social/"
14 |     google-query: "inurl:'/sites/all/modules/social/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/social/social.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches; the bounds below are three-part semver
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'social'  # generic word; adds little beyond the regex matcher
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 11.4.9 || >=11.5.0 <= 11.5.1')  # NOTE(review): '||' and space-separated ranges look like Composer syntax — confirm the DSL parses them
57 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-super_login-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-super_login-access-bypass
3 | info:
4 |   name: drupal_module-super_login-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables you to login with an email address. The module doesnt sufficiently check if a user account is active when using email login. This vulnerability is mitigated by the fact that an attacker must have an account in the website that is blocked."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-001
10 |   metadata:
11 |     security-risk: "Critical 18 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/super_login/"
14 |     google-query: "inurl:'/sites/all/modules/super_login/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/super_login/super_login.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'super_login'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.7.0')  # NOTE(review): 'version' is captured as N.x-N.N, the bound is three-part semver — confirm they can be compared
57 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-svg_formatter-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-svg_formatter-cross-site-scripting
3 | info:
4 |   name: drupal_module-svg_formatter-cross-site-scripting
5 |   author: me
6 |   severity: medium
7 |   description: "SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-028
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/svg_formatter/"
14 |     google-query: "inurl:'/sites/all/modules/svg_formatter/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/svg_formatter/svg_formatter.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'svg_formatter'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.17.0 || =2.0.0')  # NOTE(review): '||' looks like Composer syntax — confirm the DSL parses it
57 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-swiftype-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-swiftype-unsupported
3 | info:
4 |   name: drupal_module-swiftype-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-012
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/swiftype/"
14 |     google-query: "inurl:'/sites/all/modules/swiftype/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # zero-value timestamp, presumably unset
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/swiftype/swiftype.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'swiftype'
39 |         part: body
40 |
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |
49 |       - type: dsl  # extractor output only; the matchers never test the version
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')  # catch-all bound, presumably "every release" of an unsupported module — confirm it parses
52 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-vppr-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-vppr-unsupported
3 | info:
4 |   name: drupal_module-vppr-unsupported
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-016
10 |   metadata:
11 |     security-risk: "Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/vppr/"
14 |     google-query: "inurl:'/sites/all/modules/vppr/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # zero-value timestamp, presumably unset
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/vppr/vppr.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'vppr'
39 |         part: body
40 |
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |
49 |       - type: dsl  # extractor output only; the matchers never test the version
50 |         dsl:
51 |           - compare_versions(version, '<= 99.x-99.99')  # catch-all bound, presumably "every release" of an unsupported module — confirm it parses
52 |
--------------------------------------------------------------------------------
/templates/2022/drupal_module-wingsuit_companion-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-wingsuit_companion-access-bypass
3 | info:
4 |   name: drupal_module-wingsuit_companion-access-bypass
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "The Wingsuit module enables site builders to build UI Patterns (and|or) Twig Components with Storybook and use them without any mapping code in Drupal. The module doesnt have an access check for the admin form allowing an attacker to view and modify the Wingsuit configuration."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2022-040
10 |   metadata:
11 |     security-risk: "Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/wingsuit_companion/"
14 |     google-query: "inurl:'/sites/all/modules/wingsuit_companion/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # zero-value timestamp, presumably unset
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/wingsuit_companion/wingsuit_companion.info"  # NOTE(review): Drupal 7-style .info request, yet the bound below names an 8.x release (those ship <name>.info.yml) — likely never matches, confirm
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'wingsuit_companion'
39 |         part: body
40 |
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |
49 |       - type: dsl  # extractor output only; the matchers never test the version
50 |         dsl:
51 |           - compare_versions(version, '8.x-1.0')  # no operator — presumably equality; confirm the N.x-N.N form is parsed
52 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-apigee_edge-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-apigee_edge-access-bypass
3 | info:
4 |   name: drupal_module-apigee_edge-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-005
10 |   metadata:
11 |     security-risk: "Moderately critical 13 ∕ 25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:All"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/apigee_edge/"
14 |     google-query: "inurl:'/sites/all/modules/apigee_edge/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/apigee_edge/apigee_edge.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches; the bounds below are three-part semver
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'apigee_edge'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.27.0 || >=2.0.0 <= 2.0.8')  # NOTE(review): '||' and space-separated ranges look like Composer syntax — confirm the DSL parses them
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-gdpr_alert-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-gdpr_alert-cross-site-scripting
3 | info:
4 |   name: drupal_module-gdpr_alert-cross-site-scripting
5 |   author: Bishopfox
6 |   severity: medium
7 |   description: "This module enables you to define configurable GDPR alert messages. The module doesnt sufficiently filter user-supplied text leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. The vulnerability can be exploited by an attacker with a role with the permission administer gdpr alert regardless of other configurations."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-023
10 |   metadata:
11 |     security-risk: "Moderately critical 11∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/gdpr_alert/"
14 |     google-query: "inurl:'/sites/all/modules/gdpr_alert/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '0001-01-01T00:00:00Z'  # zero-value timestamp, presumably unset
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/gdpr_alert/gdpr_alert.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |       - type: status
34 |         status:
35 |           - 200
36 |       - type: word
37 |         words:
38 |           - 'gdpr_alert'
39 |         part: body
40 |
41 |     extractors:
42 |       - type: regex
43 |         name: version
44 |         part: body
45 |         group: 1
46 |         regex:
47 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
48 |
49 |       - type: dsl  # extractor output only; the matchers never test the version
50 |         dsl:
51 |           - compare_versions(version, '1.0.0')  # NOTE(review): no operator — presumably equality; 'version' is captured as N.x-N.N, confirm it can be compared to semver
52 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-group_forum-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-group_forum-access-bypass
3 | info:
4 |   name: drupal_module-group_forum-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables you to associate Forums as Group 1.x content and use Group access permissions. Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-008
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/group_forum/"
14 |     google-query: "inurl:'/sites/all/modules/group_forum/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/group_forum/group_forum.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches; the bounds below are three-part semver
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'group_forum'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '>=2.0.0 <= 2.0.2')  # NOTE(review): two bounds in one space-separated string — confirm the DSL parses this form
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-gutenberg-denial-of-service.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-gutenberg-denial-of-service
3 | info:
4 |   name: drupal_module-gutenberg-denial-of-service
5 |   author: me
6 |   severity: medium
7 |   description: "This module provides a new UI experience for node editing - Gutenberg editor. This vulnerability can cause DoS by using reusable blocks improperly. This vulnerability is mitigated by the fact an attacker must have use gutenberg permission to exploit it."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-009
10 |   metadata:
11 |     security-risk: "Less critical 8 ∕ 25 AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All"  # NOTE(review): advisory says Less critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "denial-of-service"
13 |     fofa-query: "/sites/all/modules/gutenberg/"
14 |     google-query: "inurl:'/sites/all/modules/gutenberg/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/gutenberg/gutenberg.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'gutenberg'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 2.7.0')  # NOTE(review): 'version' is captured as N.x-N.N, the bound is three-part semver — confirm they can be compared
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-highlight_php-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-highlight_php-cross-site-scripting
3 | info:
4 |   name: drupal_module-highlight_php-cross-site-scripting
5 |   author: me
6 |   severity: medium
7 |   description: "Provides highlight.php integration to Drupal, allowing blocks to be automatically highlighted with the correct language. The modules Twig function doesnt sufficiently filter user-entered data."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-043
10 |   metadata:
11 |     security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/highlight_php/"
14 |     google-query: "inurl:'/sites/all/modules/highlight_php/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/highlight_php/highlight_php.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'highlight_php'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.0.1')  # NOTE(review): 'version' is captured as N.x-N.N, the bound is three-part semver — confirm they can be compared
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-mailchimp-cross-site-request-forgery.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-mailchimp-cross-site-request-forgery
3 | info:
4 |   name: drupal_module-mailchimp-cross-site-request-forgery
5 |   author: me
6 |   severity: medium
7 |   description: "This module provides integration with Mailchimp, a popular email delivery service. A route related to OAuth authentication is not protected against a Cross Site Request Forgery attack."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-025
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "cross-site-request-forgery"
13 |     fofa-query: "/sites/all/modules/mailchimp/"
14 |     google-query: "inurl:'/sites/all/modules/mailchimp/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/mailchimp/mailchimp.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches; the bounds below are three-part semver
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'mailchimp'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '>=2.2.0 <= 2.2.2')  # NOTE(review): two bounds in one space-separated string — confirm the DSL parses this form
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-minifyhtml-cross-site-scripting.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-minifyhtml-cross-site-scripting
3 | info:
4 |   name: drupal_module-minifyhtml-cross-site-scripting
5 |   author: me
6 |   severity: medium
7 |   description: "Carefully crafted input by an attacker will not be sanitized by this module, which can result in a script injection."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-032
10 |   metadata:
11 |     security-risk: "Moderately critical 11 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Proof/TD:All"
12 |     vulnerability: "cross-site-scripting"
13 |     fofa-query: "/sites/all/modules/minifyhtml/"
14 |     google-query: "inurl:'/sites/all/modules/minifyhtml/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/minifyhtml/minifyhtml.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches; the bounds below are three-part semver
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'minifyhtml'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.13.0 || >=2.0.0 <= 2.0.3')  # NOTE(review): '||' and space-separated ranges look like Composer syntax — confirm the DSL parses them
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-photos-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-photos-access-bypass
3 | info:
4 |   name: drupal_module-photos-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables you to create and manage photos and photo albums on your website. The module doesnt sufficiently check node access when a user is provided the edit any photo or delete any photo permissions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission edit any photo or delete any photo."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-022
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:None/A:Admin/CI:All/II:Some/E:Theoretical/TD:Uncommon"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/photos/"
14 |     google-query: "inurl:'/sites/all/modules/photos/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/photos/photos.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'photos'  # generic word; adds little beyond the regex matcher
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '9.x-99.99')  # NOTE(review): looks like a placeholder with no operator — confirm the affected range against the advisory
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-private_taxonomy-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-private_taxonomy-access-bypass
3 | info:
4 |   name: drupal_module-private_taxonomy-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables users to create private vocabularies. The module doesnt enforce permissions appropriately for the taxonomy overview page and overview form.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission Administer own taxonomy or View private taxonomies"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-001
10 |   metadata:
11 |     security-risk: "Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default"
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/private_taxonomy/"
14 |     google-query: "inurl:'/sites/all/modules/private_taxonomy/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/private_taxonomy/private_taxonomy.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'private_taxonomy'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 2.6.0')  # NOTE(review): 'version' is captured as N.x-N.N, the bound is three-part semver — confirm they can be compared
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-protected_pages-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-protected_pages-access-bypass
3 | info:
4 |   name: drupal_module-protected_pages-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables you to secure any page with a password. The module does not sufficiently restrict access to the page content."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-013
10 |   metadata:
11 |     security-risk: "Critical 16 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/protected_pages/"
14 |     google-query: "inurl:'/sites/all/modules/protected_pages/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/protected_pages/protected_pages.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'protected_pages'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 1.06')  # NOTE(review): '1.06' is two-part with a leading zero — confirm how it is parsed and compared
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-responsive_media_image-unsupported.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-responsive_media_image-unsupported
3 | info:
4 |   name: drupal_module-responsive_media_image-unsupported
5 |   author: me
6 |   severity: medium
7 |   description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported"
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-011
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "unsupported"
13 |     fofa-query: "/sites/all/modules/responsive_media_image/"
14 |     google-query: "inurl:'/sites/all/modules/responsive_media_image/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/responsive_media_image/responsive_media_image.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'responsive_media_image'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version
55 |         dsl:
56 |           - compare_versions(version, '<= 99.x-99.99')  # catch-all bound, presumably "every release" of an unsupported module — confirm it parses
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-shorthand-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-shorthand-access-bypass
3 | info:
4 |   name: drupal_module-shorthand-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module provides integration with Shorthand, an application which describes itself as beautifully simple storytelling. The module does not check appropriate permissions when displaying a list of all shorthand stories."
8 |   reference:
9 |     - https://www.drupal.org/sa-contrib-2023-038
10 |   metadata:
11 |     security-risk: "Critical 15 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All"  # NOTE(review): advisory says Critical, info.severity is medium — confirm the mapping
12 |     vulnerability: "access-bypass"
13 |     fofa-query: "/sites/all/modules/shorthand/"
14 |     google-query: "inurl:'/sites/all/modules/shorthand/"  # unbalanced ' inside the query
15 |     impact: medium
16 |     type: indicator
17 |     created_at: '2025-01-09'
18 |   tags: drupal
19 |
20 | http:
21 |   - method: GET
22 |     redirects: true
23 |     max-redirects: 3
24 |     path:
25 |       - "{{BaseURL}}/sites/all/modules/shorthand/shorthand.info"  # Drupal 7-style path and .info manifest only; Drupal 8+ modules ship <name>.info.yml — confirm coverage
26 |
27 |     matchers-condition: and  # all three matchers below must hold
28 |     matchers:
29 |       - type: regex
30 |         part: body
31 |         regex:
32 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'  # only the packaged "N.x-N.N" form matches
33 |         condition: and
34 |
35 |       - type: status
36 |         status:
37 |           - 200
38 |         condition: and
39 |
40 |       - type: word
41 |         words:
42 |           - 'shorthand'
43 |         part: body
44 |         condition: and
45 |
46 |     extractors:
47 |       - type: regex
48 |         name: version
49 |         part: body
50 |         group: 1
51 |         regex:
52 |           - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
53 |
54 |       - type: dsl  # extractor output only; the matchers never test the version, so any response passing them is reported
55 |         dsl:
56 |           - compare_versions(version, '<= 4.0.3')  # NOTE(review): 'version' is captured as N.x-N.N, the bound is three-part semver — confirm they can be compared
57 |
--------------------------------------------------------------------------------
/templates/2023/drupal_module-tfa-access-bypass.yaml:
--------------------------------------------------------------------------------
1 |
2 | id: drupal_module-tfa-access-bypass
3 | info:
4 |   name: drupal_module-tfa-access-bypass
5 |   author: me
6 |   severity: medium
7 |   description: "This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module doesnt sufficiently ensure all core login routes, including the password reset page, require a second factor credential. This vulnerability is mitigated by the fact that an attacker must obtain a first-factor login credential."
# info: block, continued (template drupal_module-tfa-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2023-030
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 17 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/tfa/"
    google-query: "inurl:'/sites/all/modules/tfa/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info); other install
    # paths and <module>.info.yml files are not covered, so absence of a match proves little.
    path:
      - "{{BaseURL}}/sites/all/modules/tfa/tfa.info"

    # All three matchers must hold. None of them looks at the version value.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      # The three-letter word 'tfa' is a weak marker on its own; the regex above carries
      # most of the specificity.
      - type: word
        condition: and
        part: body
        words: ['tfa']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '^1 <= = 1.0.0' is not an operator-plus-version constraint, and the
      # intended range cannot be recovered from this file — take it from the advisory.
      # As an extractor this expression never gates the finding: any exposed release matches.
      - type: dsl
        dsl:
          - compare_versions(version, '^1 <= = 1.0.0')

--------------------------------------------------------------------------------
/templates/2023/drupal_module-thunder-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-thunder-access-bypass
info:
  name: drupal_module-thunder-access-bypass
  author: me
  severity: medium
  description: "Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesnt sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing email addresses."
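# info: block, continued (template drupal_module-thunder-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2023-007
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/thunder/"
    google-query: "inurl:'/sites/all/modules/thunder/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # NOTE(review): the description names thunder_gqls, shipped inside the Thunder
    # distribution, yet this probe looks for a module directory called "thunder" in the
    # Drupal 7 layout. Confirm where the affected code actually lives before trusting a
    # negative result.
    path:
      - "{{BaseURL}}/sites/all/modules/thunder/thunder.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['thunder']

      # Version gate: as a matcher it decides the finding. Each bound is passed as its
      # own constraint argument and the two affected ranges are joined in the expression,
      # rather than packed into one constraint string.
      - type: dsl
        dsl:
          - "compare_versions(module_version, '>= 6.4.0', '<= 6.4.6') || compare_versions(module_version, '>= 6.5.0', '<= 6.5.3')"

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". This regex does not accept
      # three-part version strings, so releases numbered like the ranges above may never
      # be captured — TODO confirm the version format the project publishes.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2023/drupal_module-unified_twig_ext-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

id: drupal_module-unified_twig_ext-cross-site-scripting
info:
  name: drupal_module-unified_twig_ext-cross-site-scripting
  author: me
  severity: medium
  description: "This module makes PatternLabs custom Twig functions available to Drupal theming. The modules included examples dont sufficiently filter data. This vulnerability is mitigated by the fact that the included examples must have been copied to a sites theme."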
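# info: block, continued (template drupal_module-unified_twig_ext-cross-site-scripting).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2023-041
  metadata:
    security-risk: "Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/unified_twig_ext/"
    google-query: "inurl:'/sites/all/modules/unified_twig_ext/"
    impact: medium
    type: indicator
    # Zero-value timestamp; looks like an unset default rather than a real date.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). The description
    # says the issue needs the bundled examples copied into a theme, which this request
    # cannot observe: a match means "module present in an affected release", nothing more.
    path:
      - "{{BaseURL}}/sites/all/modules/unified_twig_ext/unified_twig_ext.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['unified_twig_ext']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.1.1')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2023/drupal_module-xsendfile-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-xsendfile-access-bypass
info:
  name: drupal_module-xsendfile-access-bypass
  author: me
  severity: medium
  description: "The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of ImageStyleDownloadController."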
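# info: block, continued (template drupal_module-xsendfile-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2023-053
  metadata:
    security-risk: "Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/xsendfile/"
    google-query: "inurl:'/sites/all/modules/xsendfile/"
    impact: medium
    type: indicator
    # Zero-value timestamp; looks like an unset default rather than a real date.
    created_at: '0001-01-01T00:00:00Z'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/xsendfile/xsendfile.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['xsendfile']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.2.0')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-all_extensions-unsupported.yaml:
--------------------------------------------------------------------------------

id: drupal_module-all_extensions-unsupported
info:
  name: drupal_module-all_extensions-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai..."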
# info: block, continued (template drupal_module-all_extensions-unsupported).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-075
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 18 ∕ 25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/all_extensions/"
    google-query: "inurl:'/sites/all/modules/all_extensions/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info); other install
    # paths and <module>.info.yml files are not covered, so absence of a match proves little.
    path:
      - "{{BaseURL}}/sites/all/modules/all_extensions/all_extensions.info"

    # Presence check: for an unsupported project every release counts, so the three
    # matchers below are the whole decision.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      - type: word
        condition: and
        part: body
        words: ['all_extensions']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # '<= 99.x-99.99' reads as an "every release" sentinel. As an extractor it only
      # prints a value. NOTE(review): the constraint is probably not parseable as a
      # version, so this entry may produce nothing at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-basic_auth-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-basic_auth-access-bypass
info:
  name: drupal_module-basic_auth-access-bypass
  author: me
  severity: medium
  description: "The module provides a possibility to restrict access to specific paths using basic HTTP authentication, in addition to standard Drupal access checks. In some cases, the module removes existing access checks from some paths, resulting in an access bypass vulnerability."
# info: block, continued (template drupal_module-basic_auth-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-057
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/basic_auth/"
    google-query: "inurl:'/sites/all/modules/basic_auth/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info); other install
    # paths and <module>.info.yml files are not covered, so absence of a match proves little.
    path:
      - "{{BaseURL}}/sites/all/modules/basic_auth/basic_auth.info"

    # All three matchers must hold. None of them looks at the version value.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      - type: word
        condition: and
        part: body
        words: ['basic_auth']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '9.x-99.99' carries no comparison operator and differs from the
      # '<= 99.x-99.99' sentinel used by sibling templates; the intended range cannot be
      # recovered here — take it from the advisory. As an extractor this expression
      # never gates the finding: any exposed release matches.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-coffee-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

id: drupal_module-coffee-cross-site-scripting
info:
  name: drupal_module-coffee-cross-site-scripting
  author: me
  severity: medium
  description: "The Coffee module helps you to navigate through the Drupal admin menus faster with a shortcut popup. The module doesnt sufficiently escape menu names when displaying them in the popup, thereby exposing a XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission Administer menus and menu links."
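# info: block, continued (template drupal_module-coffee-cross-site-scripting).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-011
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/coffee/"
    google-query: "inurl:'/sites/all/modules/coffee/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/coffee/coffee.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['coffee']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.4.0')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-commerce_view_receipt-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-commerce_view_receipt-access-bypass
info:
  name: drupal_module-commerce_view_receipt-access-bypass
  author: me
  severity: medium
  description: "The Commerce View Receipts module enables you to view commerce order receipts in the browser. The module doesnt sufficiently check access permissions, allowing an unauthorised user to view the private information of other customers."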
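# info: block, continued (template drupal_module-commerce_view_receipt-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-021
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/commerce_view_receipt/"
    google-query: "inurl:'/sites/all/modules/commerce_view_receipt/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/commerce_view_receipt/commerce_view_receipt.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['commerce_view_receipt']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.0.3')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-cookiebot_gtm-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

id: drupal_module-cookiebot_gtm-cross-site-scripting
info:
  name: drupal_module-cookiebot_gtm-cross-site-scripting
  author: me
  severity: medium
  description: "This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesnt sufficiently filter for malicious script leading to a persistent cross site scripting (XSS) vulnerability."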
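# info: block, continued (template drupal_module-cookiebot_gtm-cross-site-scripting).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-055
  metadata:
    security-risk: "Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/cookiebot_gtm/"
    google-query: "inurl:'/sites/all/modules/cookiebot_gtm/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/cookiebot_gtm/cookiebot_gtm.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['cookiebot_gtm']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.0.18')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-download_all_files-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-download_all_files-access-bypass
info:
  name: drupal_module-download_all_files-access-bypass
  author: me
  severity: medium
  description: "This module provides a field formatter for the field type file called `Table of files with download all link` . The module had vulnerabilities allowing a user to download files they normally should not be able to download."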
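# info: block, continued (template drupal_module-download_all_files-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-069
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Proof/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/download_all_files/"
    google-query: "inurl:'/sites/all/modules/download_all_files/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/download_all_files/download_all_files.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['download_all_files']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 2.0.2')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-entity_delete_log-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-entity_delete_log-access-bypass
info:
  name: drupal_module-entity_delete_log-access-bypass
  author: me
  severity: medium
  description: "The Entity Delete Log module tracks the deletion of configured entity types, such as node or comments. It does not add sufficient permission to the log report page, allowing an attacker to view information from deleted entities."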
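# info: block, continued (template drupal_module-entity_delete_log-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-007
  metadata:
    security-risk: "Moderately critical 12 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/entity_delete_log/"
    google-query: "inurl:'/sites/all/modules/entity_delete_log/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/entity_delete_log/entity_delete_log.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['entity_delete_log']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 1.1.1')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-git_utils-unsupported.yaml:
--------------------------------------------------------------------------------

id: drupal_module-git_utils-unsupported
info:
  name: drupal_module-git_utils-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai..."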
# info: block, continued (template drupal_module-git_utils-unsupported).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-074
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 17 ∕ 25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/git_utils/"
    google-query: "inurl:'/sites/all/modules/git_utils/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info); other install
    # paths and <module>.info.yml files are not covered, so absence of a match proves little.
    path:
      - "{{BaseURL}}/sites/all/modules/git_utils/git_utils.info"

    # Presence check: for an unsupported project every release counts, so the three
    # matchers below are the whole decision.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      - type: word
        condition: and
        part: body
        words: ['git_utils']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # '<= 99.x-99.99' reads as an "every release" sentinel. As an extractor it only
      # prints a value. NOTE(review): the constraint is probably not parseable as a
      # version, so this entry may produce nothing at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-image_sizes-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-image_sizes-access-bypass
info:
  name: drupal_module-image_sizes-access-bypass
  author: me
  severity: medium
  description: "This module enables you to create responsive image styles that depend on the parent elements width. The module doesnt sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific scenarios."
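# info: block, continued (template drupal_module-image_sizes-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-023
  metadata:
    security-risk: "Moderately critical 14 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/image_sizes/"
    google-query: "inurl:'/sites/all/modules/image_sizes/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/image_sizes/image_sizes.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['image_sizes']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 3.0.2')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-loft_data_grids-multiple-vulnerabilities.yaml:
--------------------------------------------------------------------------------

id: drupal_module-loft_data_grids-multiple-vulnerabilities
info:
  name: drupal_module-loft_data_grids-multiple-vulnerabilities
  author: me
  severity: medium
  description: "This module provides serialization formats for use by other modules. The module includes a version of phpoffice/phpspreadsheet which has multiple known security vulnerabilities."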
# info: block, continued (template drupal_module-loft_data_grids-multiple-vulnerabilities).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-054
  metadata:
    security-risk: "Moderately critical 11 ∕ 25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon"
    vulnerability: "multiple-vulnerabilities"
    fofa-query: "/sites/all/modules/loft_data_grids/"
    google-query: "inurl:'/sites/all/modules/loft_data_grids/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). The description
    # attributes the issue to a bundled phpoffice/phpspreadsheet copy, which this request
    # does not inspect; the module's own version string is only a proxy for it.
    path:
      - "{{BaseURL}}/sites/all/modules/loft_data_grids/loft_data_grids.info"

    # All three matchers must hold. None of them looks at the version value.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      - type: word
        condition: and
        part: body
        words: ['loft_data_grids']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '9.x-99.99' carries no comparison operator and differs from the
      # '<= 99.x-99.99' sentinel used by sibling templates; the intended range cannot be
      # recovered here — take it from the advisory. As an extractor this expression
      # never gates the finding: any exposed release matches.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-megamenu_framework-unsupported.yaml:
--------------------------------------------------------------------------------

id: drupal_module-megamenu_framework-unsupported
info:
  name: drupal_module-megamenu_framework-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai..."
# info: block, continued (template drupal_module-megamenu_framework-unsupported).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-065
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 16 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/megamenu_framework/"
    google-query: "inurl:'/sites/all/modules/megamenu_framework/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info); other install
    # paths and <module>.info.yml files are not covered, so absence of a match proves little.
    path:
      - "{{BaseURL}}/sites/all/modules/megamenu_framework/megamenu_framework.info"

    # Presence check: for an unsupported project every release counts, so the three
    # matchers below are the whole decision.
    matchers-condition: and
    matchers:
      - type: regex
        condition: and
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        condition: and
        status: [200]

      - type: word
        condition: and
        part: body
        words: ['megamenu_framework']

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # '<= 99.x-99.99' reads as an "every release" sentinel. As an extractor it only
      # prints a value. NOTE(review): the constraint is probably not parseable as a
      # version, so this entry may produce nothing at all.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-minifyjs-cross-site-request-forgery.yaml:
--------------------------------------------------------------------------------

id: drupal_module-minifyjs-cross-site-request-forgery
info:
  name: drupal_module-minifyjs-cross-site-request-forgery
  author: me
  severity: medium
  description: "The Minify JS module allows a site administrator to minify all javascript files that exist in the sites code base and use those minified files on the front end of the website. Several administrator routes are unprotected against Cross-Site Request Forgery (CRSF) attacks."
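# info: block, continued (template drupal_module-minifyjs-cross-site-request-forgery).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-070
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-request-forgery"
    fofa-query: "/sites/all/modules/minifyjs/"
    google-query: "inurl:'/sites/all/modules/minifyjs/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/minifyjs/minifyjs.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['minifyjs']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 3.0.3')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-node_access_rebuild_progressive-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-node_access_rebuild_progressive-access-bypass
info:
  name: drupal_module-node_access_rebuild_progressive-access-bypass
  author: me
  severity: medium
  description: "This module provides an alternative mean of rebuilding the Content Access table. The module doesnt sufficiently reset the state of content access when the module is uninstalled."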
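# info: block, continued (template drupal_module-node_access_rebuild_progressive-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-010
  metadata:
    security-risk: "Less critical 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/node_access_rebuild_progressive/"
    google-query: "inurl:'/sites/all/modules/node_access_rebuild_progressive/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). The description
    # ties the issue to state left behind after uninstall, which a file probe cannot see:
    # a match shows an affected release is present, not that access tables are stale.
    path:
      - "{{BaseURL}}/sites/all/modules/node_access_rebuild_progressive/node_access_rebuild_progressive.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['node_access_rebuild_progressive']

      # Version gate: as a matcher it decides the finding. A dsl entry under extractors
      # only prints true/false, which reports every exposed release as affected.
      - type: dsl
        dsl:
          - compare_versions(module_version, '<= 2.0.2')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-pages_restriction-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-pages_restriction-access-bypass
info:
  name: drupal_module-pages_restriction-access-bypass
  author: me
  severity: medium
  description: "Module to restrict access from anonymous and regular users to configured pre-defined pages. The module does not adequately handle protecting certain types of URLs."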
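# info: block, continued (template drupal_module-pages_restriction-access-bypass).
# NOTE(review): indentation was lost in this listing; nesting is reconstructed — confirm against the repository.
  reference:
    - https://www.drupal.org/sa-contrib-2024-068
  metadata:
    # Advisory rating is Critical while info.severity is medium — confirm the mapping.
    security-risk: "Critical 15 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/pages_restriction/"
    google-query: "inurl:'/sites/all/modules/pages_restriction/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  - method: GET
    redirects: true
    max-redirects: 3
    # Probes the Drupal 7 layout only (sites/all/modules + <module>.info). Sites that keep
    # the module elsewhere, ship <module>.info.yml, or refuse direct requests for .info
    # files will not match, so a clean result is not proof the module is absent.
    path:
      - "{{BaseURL}}/sites/all/modules/pages_restriction/pages_restriction.info"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      - type: status
        status: [200]

      - type: word
        part: body
        words: ['pages_restriction']

      # Version gate: as a matcher it decides the finding. The lower and upper bound are
      # passed as separate constraint arguments instead of one space-joined string.
      - type: dsl
        dsl:
          - compare_versions(module_version, '>= 2.0.0', '<= 2.0.3')

    extractors:
      # Reported value: the full N.x-M.P string.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # Matcher input: only the release part after "N.x-". Three-part version strings
      # are not accepted by this regex — TODO confirm the range against the advisory.
      - type: regex
        name: module_version
        internal: true
        part: body
        group: 1
        regex:
          - 'version = "[0-9]+\.x-([0-9]+\.[0-9]+)"'

--------------------------------------------------------------------------------
/templates/2024/drupal_module-postfile-cross-site-request-forgery.yaml:
--------------------------------------------------------------------------------

id: drupal_module-postfile-cross-site-request-forgery
info:
  name: drupal_module-postfile-cross-site-request-forgery
  author: me
  severity: medium
  description: "The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc). The module doesnt sufficiently protect against Cross Site Request Forgery under allowing an attacker to trick a site user into uploading a file."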
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2024-059
  metadata:
    security-risk: "Moderately critical 12 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-request-forgery"
    fofa-query: "/sites/all/modules/postfile/"
    google-query: "inurl:'/sites/all/modules/postfile/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Version fingerprint only: the request reads the module's .info file and never touches
  # the upload endpoint the advisory describes. Only the sites/all/modules path is probed.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/postfile/postfile.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'postfile'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): as an extractor this only adds the comparison result to the output;
      # the matchers above fire for every version, patched or not. Confirm that
      # compare_versions can parse the captured "N.x-N.N" form against '<= 1.0.2' (TODO verify).
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.0.2')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-print_anything-unsupported.yaml:
--------------------------------------------------------------------------------

id: drupal_module-print_anything-unsupported
info:
  name: drupal_module-print_anything-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai..."
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2024-066
  metadata:
    # NOTE(review): the template header sets severity: medium while the advisory rating
    # recorded here is Critical; confirm which of the two triage should follow.
    security-risk: "Critical 16 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/print_anything/"
    google-query: "inurl:'/sites/all/modules/print_anything/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Requests the module's .info file under sites/all/modules only. Installs in any other
  # directory are not probed, so a clean result does not show the module is absent.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/print_anything/print_anything.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'print_anything'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '99.x-99.99' looks like an "every release" sentinel rather than a real
      # version; confirm compare_versions accepts it. The module is marked unsupported, so
      # presence alone is the finding, and the matchers above already report it for any version.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-restws-access-bypass.yaml:
--------------------------------------------------------------------------------

id: drupal_module-restws-access-bypass
info:
  name: drupal_module-restws-access-bypass
  author: me
  severity: medium
  description: "This module exposes Drupal resources (e.g. entities) as RESTful web services. The module doesnt sufficiently restrict access for user resources."
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2024-019
  metadata:
    # NOTE(review): the template header sets severity: medium while the advisory rating
    # recorded here is Critical; confirm which of the two triage should follow.
    security-risk: "Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Proof/TD:All"
    vulnerability: "access-bypass"
    fofa-query: "/sites/all/modules/restws/"
    google-query: "inurl:'/sites/all/modules/restws/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Requests the module's .info file under sites/all/modules only. Installs in any other
  # directory are not probed, so a clean result does not show the module is absent.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/restws/restws.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'restws'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '9.x-99.99' has no comparison operator and looks like a placeholder,
      # not a release number; take the affected range from the referenced advisory.
      # As an extractor the comparison does not gate the match: the matchers above fire
      # for every version.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-smartling-multiple-vulnerabilities.yaml:
--------------------------------------------------------------------------------

id: drupal_module-smartling-multiple-vulnerabilities
info:
  name: drupal_module-smartling-multiple-vulnerabilities
  author: me
  severity: medium
  description: "Smartling module allows you to translate content in Drupal 7 using the Smartling Translation Management Platform. The module includes an outdated version of the Guzzle package (guzzlehttp/guzzle 6.3.3), which has known security vulnerabilities."
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2024-053
  metadata:
    security-risk: "Less critical 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "multiple-vulnerabilities"
    fofa-query: "/sites/all/modules/smartling/"
    google-query: "inurl:'/sites/all/modules/smartling/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Reads the module's own .info file under sites/all/modules. The advisory concerns a
  # bundled dependency; this request reports the module version, not the library version
  # actually shipped with the install.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/smartling/smartling.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'smartling'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '9.x-99.99' has no comparison operator and looks like a placeholder,
      # not a release number; take the affected range from the referenced advisory.
      # As an extractor the comparison does not gate the match: the matchers above fire
      # for every version.
      - type: dsl
        dsl:
          - compare_versions(version, '9.x-99.99')

--------------------------------------------------------------------------------
/templates/2024/drupal_module-tooltip-cross-site-scripting.yaml:
--------------------------------------------------------------------------------

id: drupal_module-tooltip-cross-site-scripting
info:
  name: drupal_module-tooltip-cross-site-scripting
  author: me
  severity: medium
  description: "This module enables you to add any HTML content you want in a tooltip displayed on mouse hover. The module does not sufficiently escape the markup inserted in the tooltip block. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer blocks."
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2024-058
  metadata:
    security-risk: "Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All"
    vulnerability: "cross-site-scripting"
    fofa-query: "/sites/all/modules/tooltip/"
    google-query: "inurl:'/sites/all/modules/tooltip/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Requests the module's .info file under sites/all/modules only. Installs in any other
  # directory are not probed, so a clean result does not show the module is absent.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/tooltip/tooltip.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      # NOTE(review): 'tooltip' is a common word, so this matcher adds little on its own;
      # the version-line regex and the requested path carry the identification.
      - type: word
        words:
          - 'tooltip'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): as an extractor this only adds the comparison result to the output;
      # the matchers above fire for every version, patched or not. Confirm that
      # compare_versions can parse the captured "N.x-N.N" form against '<= 1.1.2' (TODO verify).
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.1.2')

--------------------------------------------------------------------------------
/templates/2025/drupal_module-profile_private-unsupported.yaml:
--------------------------------------------------------------------------------

id: drupal_module-profile_private-unsupported
info:
  name: drupal_module-profile_private-unsupported
  author: me
  severity: medium
  description: "The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai..."
# info: mapping, continued. Nesting is reconstructed; this listing lost the original indentation.
  reference:
    - https://www.drupal.org/sa-contrib-2025-002
  metadata:
    # NOTE(review): the template header sets severity: medium while the advisory rating
    # recorded here is Critical; confirm which of the two triage should follow.
    security-risk: "Critical 15 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All"
    vulnerability: "unsupported"
    fofa-query: "/sites/all/modules/profile_private/"
    google-query: "inurl:'/sites/all/modules/profile_private/"
    impact: medium
    type: indicator
    created_at: '2025-01-09'
  tags: drupal

http:
  # Requests the module's .info file under sites/all/modules only. Installs in any other
  # directory are not probed, so a clean result does not show the module is absent.
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/sites/all/modules/profile_private/profile_private.info"

    # All three matchers must hold: a quoted version line, HTTP 200, and the module name in the body.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
        condition: and

      - type: status
        status:
          - 200
        condition: and

      - type: word
        words:
          - 'profile_private'
        part: body
        condition: and

    extractors:
      # Captures the whole quoted version string (digits, ".x-", digits.digits) as `version`.
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'

      # NOTE(review): '99.x-99.99' looks like an "every release" sentinel rather than a real
      # version; confirm compare_versions accepts it. The module is marked unsupported, so
      # presence alone is the finding, and the matchers above already report it for any version.
      - type: dsl
        dsl:
          - compare_versions(version, '<= 99.x-99.99')

--------------------------------------------------------------------------------