CVE-2020-13671
Drupal core Un-restricted Upload of File
CVSS
—
No CVSS
EPSS
4.3%
p90
KEV
YES
Jan 18, 2022
Exploit Today
77
0-100
Published: — · Last modified: —
4.3%EPSS · 30 days4.3%
2026-06-302026-07-17
Product
Drupal / Drupal core
Vulnerability
Drupal core Un-restricted Upload of File
Added to KEV
Jan 18, 2022
Remediate by
Jul 18, 2022
Known ransomware use
No
Summary description
Improper sanitization in the extension file names is present in Drupal core.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-13671
No related CVEs by CWE or product.