Project: Drupal coreDate: 2023-March-15Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Access bypassAffected versions: =8.0.0 =9.5.0 =10.0.0 Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration.If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could
More info:
https://www.drupal.org/sa-core-2023-004Read MoreÚltimas Vulnerabilidades
