Back to Codebase
Vulnerability Analysis Report
Drupal Core v4.0.0
Scan ID: SCAN-DRUPAL-CORE-c02WNh • Hash: 14d9e800
Severity Score
Medium
Total Findings
2
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.914s
Vulnerability Details
L9
Dynamic Code Execution in index.php
CWE-94
File Location:
index.php:9
Security Score:
96 / 100
Confirmed Issue
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- eval(variable_get("site_frontpage_extra", "") .";");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19
Cross-Site Scripting (XSS) in admin.php
CWE-79
File Location:
admin.php:19
Security Score:
87 / 100
Confirmed Issue
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- <title><?php echo variable_get("site_name", "drupal"); ?> administration pages</title>
+ echo htmlspecialchars(variable_get("site_name", "drupal"), ENT_QUOTES, "UTF-8");