{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T19:08:31.925","vulnerabilities":[{"cve":{"id":"CVE-2020-13664","sourceIdentifier":"mlhess@drupal.org","published":"2021-05-05T15:15:08.227","lastModified":"2024-11-21T05:01:43.217","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código PHP arbitraria en Drupal Core bajo determinadas circunstancias. Un atacante podría engañar a un administrador de visitar un sitio malicioso que podría resultar en la creación de un directorio cuidadosamente nombrado en el sistema de archivos. Con este directorio en su lugar, un atacante podría intentar mediante fuerza bruta una vulnerabilidad de ejecución de código remota. Es más probable que los servidores de Windows estén afectados. Este problema afecta a: Drupal Drupal Core versiones 8.8.x anteriores a 8.8.8; Versiones 8.9.x anteriores a 8.9.1; versiones 9.0.1 anteriores a 9.0.1"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"8.8.0","versionEndExcluding":"8.8.8","matchCriteriaId":"66FFE610-B1FE-4177-9895-947CD43B9E97"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"8.9.0","versionEndExcluding":"8.9.1","matchCriteriaId":"1D615108-F4BB-4245-8A07-59FBE362B364"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.1","matchCriteriaId":"8B108358-A0B2-44BC-8D3E-9AECEA14E3BE"}]}]}],"references":[{"url":"https://www.drupal.org/sa-core-2020-005","source":"mlhess@drupal.org","tags":["Vendor Advisory"]},{"url":"https://www.drupal.org/sa-core-2020-005","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}