Back to Codebase
Vulnerability Analysis Report
Drupal Core v3.0.1
Scan ID: SCAN-DRUPAL-CORE-CDUTIl • Hash: 9701a1c1
Severity Score
Medium
Total Findings
2
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.639s
Vulnerability Details
L8
Dynamic Code Execution in index.php
CWE-94
File Location:
index.php:8
Security Score:
98 / 100
Confirmed Issue
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- eval(variable_get("site_frontpage_extra", "") .";");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19
Cross-Site Scripting (XSS) in admin.php
CWE-79
File Location:
admin.php:19
Security Score:
82 / 100
Confirmed Issue
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- <title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title>
+ echo htmlspecialchars(variable_get(site_name, "drupal"), ENT_QUOTES, "UTF-8");