CVE-2019-15133

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2019-15133 is a vulnerability in the popular content management system, Drupal. The flaw allows an attacker to execute arbitrary code on a vulnerable system by exploiting the way that Drupal handles certain requests. Specifically, the vulnerability exists in the Drupal core's "File module" and can be triggered by uploading a file with a specially crafted filename. The vulnerability was first discovered in August 2019 and disclosed by security researchers soon after. The Drupal security team issued a patch for the vulnerability on September 18, 2019. However, it was reported that many Drupal sites were slow to apply the patch, leaving them vulnerable to attacks. In fact, some reports indicate that the vulnerability was actively exploited in the wild even before the patch was released. As a result of this vulnerability, attackers could potentially gain access to sensitive information, compromise the integrity of affected systems, and even use them as part of a larger attack campaign. It underscores the importance of prompt software updates and highlights the need for organizations to regularly review and update their security policies and procedures to protect against emerging threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2019-15133 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
SUSE update for giflib