High severityNVD Advisory· Published Apr 26, 2023· Updated Feb 3, 2025
CVE-2022-25273
CVE-2022-25273
Description
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.0.0, < 9.2.18 | 9.2.18 |
drupal/corePackagist | >= 9.3.0, < 9.3.12 | 9.3.12 |
Affected products
3- osv-coords2 versions
>= 8.0.0, < 9.2.18+ 1 more
- (no CPE)range: >= 8.0.0, < 9.2.18
- (no CPE)range: >= 8.0.0, < 9.2.18
- Drupal/Corev5Range: 9.3
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-g36h-4jr6-qmm9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25273ghsaADVISORY
- www.drupal.org/sa-core-2022-008ghsaWEB
News mentions
0No linked articles in our index yet.