#VU62461 Input validation error in Drupal
Published: April 20, 2022
Vulnerability identifier: #VU62461
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Drupal
Drupal
Software vendor:
Drupal
Drupal
Description
The vulnerability allows a remote attacker to alter critical or sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input within the Drupal core's form API. A remote attacker can pass specially crafted input to the application and inject disallowed values or overwrite data, in certain cases an attacker can alter critical or sensitive data.
Remediation
Install updates from vendor's website.