8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13664

GHSA ID

GHSA-x72f-ggjw-v5xh

EPSS Score

0.82673%

CWE

CWE-77

Published

5/24/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-13664

CVE-2020-13664: Drupal Core Arbitrary PHP code execution vulnerability

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13664

GHSA ID

GHSA-x72f-ggjw-v5xh

EPSS Score

0.82673%

CWE

CWE-77

Published

5/24/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
drupal/core	composer	>= 8.8.0, < 8.8.8	8.8.8
drupal/core	composer	>= 8.9.0, < 8.9.1	8.9.1
drupal/core	composer	>= 9.0.0, < 9.0.1	9.0.1
drupal/drupal	composer	>= 8.8.0, < 8.8.8	8.8.8
drupal/drupal	composer	>= 8.9.0, < 8.9.1	8.9.1
drupal/drupal	composer	>= 9.0.0, < 9.0.1	9.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information and references do not explicitly name specific vulnerable functions. While the CWE-77 classification suggests command injection issues, the advisory describes a path manipulation/creation vulnerability leading to potential RCE through directory naming rather than direct command injection. The actual vulnerable code path would likely involve directory creation/file handling functions, but without access to the specific commit diffs or patch details, we cannot definitively identify the exact functions responsible. The Windows-specific file system behavior mentioned suggests potential case sensitivity exploitation, but this would depend on Drupal's file handling implementation details not revealed in provided sources.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*r*itr*ry P*P *o** *x**ution vuln*r**ility in *rup*l *or* un**r **rt*in *ir*umst*n**s. *n *tt**k*r *oul* tri*k *n **ministr*tor into visitin* * m*li*ious sit* t**t *oul* r*sult in *r**tin* * **r**ully n*m** *ir**tory on t** *il* syst*m. Wit* t*is *ir

Reasoning

T** provi*** vuln*r**ility in*orm*tion *n* r***r*n**s *o not *xpli*itly n*m* sp**i*i* vuln*r**l* *un*tions. W*il* t** *W*-** *l*ssi*i**tion su***sts *omm*n* inj**tion issu*s, t** **visory **s*ri**s * p*t* m*nipul*tion/*r**tion vuln*r**ility l***in* t

8.8

Basic Information

Concerned about an active attack path?

CVE-2020-13664: Drupal Core Arbitrary PHP code execution vulnerability

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI