CVE-2020-13671CISA KEVEPSS p89.8%

CVE-2020-13671Drupal core Un-restricted Upload of File

Drupal / Drupal core

Description

Improper sanitization in the extension file names is present in Drupal core.

Scoring

EPSS4.27% probability of exploitation · percentile 89.8% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2022-01-18

(incoming)1

TypeTargetConfidenceTier
KEVEntryDrupal core Un-restricted Upload of Filekev-cve-2020-136710%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Drupal Core Remote Code Execution Vulnerability
CVE
WordPress File Manager Plugin Remote Code Execution Vulnerability
CVE
CVE-2025-9113
CVE
CVE-2026-21625
CVE
Laravel Ignition File Upload Vulnerability
CVE
CVE-2025-46001
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.