CVE-2019-6340CISA KEVEPSS p99.8%

CVE-2019-6340Drupal Core Remote Code Execution Vulnerability

Drupal / Core

Description

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Scoring

EPSS91.92% probability of exploitation · percentile 99.8% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2022-03-25

(incoming)1

TypeTargetConfidenceTier
KEVEntryDrupal Core Remote Code Execution Vulnerabilitykev-cve-2019-63400%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Drupal Core SQL Injection Vulnerability
CVE
Drupal core Un-restricted Upload of File
CVE
vBulletin PHP Module Remote Code Execution Vulnerability
CVE
CVE-2026-30694
CVE
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE
CVE-2025-13486
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.