7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-25273

GHSA ID

GHSA-g36h-4jr6-qmm9

EPSS Score

0.39622%

CWE

CWE-20

Published

4/26/2023

Updated

11/7/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25273

CVE-2022-25273: Improper input validation in Drupal core

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Drupal 7 is not affected.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-25273

CVE-2022-25273:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-25273

GHSA ID

GHSA-g36h-4jr6-qmm9

EPSS Score

0.39622%

CWE

CWE-20

Published

4/26/2023

Updated

11/7/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
drupal/core	composer	>= 8.0.0, < 9.2.18	9.2.18
drupal/core	composer	>= 9.3.0, < 9.3.12	9.3.12

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information describes an improper input validation issue in Drupal core's form API affecting custom/contributed modules, but does not explicitly name vulnerable core functions. The advisory references Drupal's form API generally rather than specific functions, and critical details like GitHub patch information or commit diffs are unavailable. Without concrete code changes or explicit documentation of affected functions from Drupal's security advisory (SA-CORE-2022-008), we cannot identify specific vulnerable functions in core with high confidence. The vulnerability manifests when modules implement forms in specific ways, but the root cause in core's API isn't traceable to individual functions without further technical details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-25273: Improper input validation in Drupal core

CVE-2022-25273:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-25273: Improper input validation in Drupal core

Basic Information

Basic Information

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI