Vulnerabilities

CVE-2020-13671

Critical · CISA KEV · Exploit Available
Drupal core Unrestricted Upload of File — Improper sanitization of file extension names is present in Drupal core.
Published: Jan 18, 2022 · Source: CISA_KEV
CVSS v3: 9.0
Reference: NVD (official entry)
🤖 AI Executive Summary

CVE-2020-13671 is a critical unrestricted file upload vulnerability in Drupal core (CVSS 9.0) caused by improper sanitization of file extension names. Attackers can upload malicious files with dangerous extensions that bypass security controls, potentially leading to remote code execution on affected servers. A public exploit is available, significantly increasing the risk of active exploitation. Organizations running Drupal-based websites and portals must patch immediately to prevent full server compromise.

🤖 AI Intelligence Analysis (analyzed: Apr 18, 2026 17:17)
🇸🇦 Saudi Arabia Impact Assessment
Saudi government portals, e-services platforms, and ministry websites built on Drupal are at significant risk, particularly given the widespread adoption of Drupal in public sector digital transformation initiatives under Vision 2030. The National Information Center (NCA-supervised entities) and government agencies using Drupal CMS for citizen-facing services face the highest exposure. Healthcare organizations using Drupal-based patient portals and appointment systems are also at risk. Educational institutions under the Ministry of Education and universities leveraging Drupal for web presence are vulnerable. Energy sector companies including ARAMCO subsidiaries with public-facing Drupal portals could be targeted for initial access leading to lateral movement into critical infrastructure networks. Banking sector (SAMA-regulated) institutions using Drupal for marketing or informational websites may face reputational and data breach risks.
🏢 Affected Saudi Sectors: Government, Healthcare, Education, Energy, Telecom, Banking, Retail, Media
⚖️ Saudi Risk Score (AI): 9.0 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Drupal installations across your environment using asset inventory tools.
2. Check Drupal version and apply the official security patch immediately (Drupal 9.0.8, 8.9.9, 8.8.11, 7.74 or later).
3. Temporarily disable file upload functionality on critical Drupal sites if patching cannot be done immediately.

PATCHING GUIDANCE:
1. Update Drupal core to the latest patched version via: composer update drupal/core or download from https://www.drupal.org/sa-core-2020-012.
2. Run database updates after applying the patch: drush updatedb.
3. Clear all caches post-update: drush cr.

COMPENSATING CONTROLS (if patch unavailable):
1. Implement a Web Application Firewall (WAF) rule to block uploads of dangerous file extensions (.php, .phtml, .phar, .asp, .aspx, .js, .html, .htm, .py, .pl, .cgi).
2. Configure server-side restrictions (Apache/Nginx) to prevent execution of uploaded files in the files directory.
3. Restrict file upload permissions to trusted authenticated users only.
4. Enable file upload scanning via antivirus/antimalware integration.

DETECTION RULES:
1. Monitor web server logs for POST requests to /file/ajax or /system/files with suspicious file extensions.
2. Create SIEM alerts for newly created executable files in Drupal's public files directory (/sites/default/files/).
3. Deploy IDS/IPS signatures for Drupal file upload exploitation attempts.
4. Monitor for webshell activity patterns (cmd.exe, /bin/sh execution from web server process).
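Detection rules 1 and 2 above, as an added example that is not part of the original advisory page: a small Python detector that flags POST requests to the upload paths named in rule 1 whose request target carries one of the extensions from the WAF list, and that lists files under Drupal's public files directory carrying such an extension (rule 2). The combined-format log regex, the sample log lines and the sample file listing are constructed here; the extension normalisation (case folding, every dot-separated component, trailing dots stripped) and the assumption that the uploaded file name appears in the request target are mine, so a WAF or application log that records multipart file names would need its own parser feeding `is_dangerous_name`.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions the WAF guidance above lists as dangerous (compensating control 1).
DANGEROUS_EXTENSIONS = {
    "php", "phtml", "phar", "asp", "aspx", "js", "html", "htm", "py", "pl", "cgi",
}

# Upload endpoints named in detection rule 1 (assumption: matched by path prefix).
UPLOAD_PATH_PREFIXES = ("/file/ajax", "/system/files")

# Apache/Nginx "combined" access-log line (constructed regex, not from the page).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def extensions_of(name: str) -> set:
    """Every lower-cased dot-separated component after the base name of the
    last path segment, with trailing dots/spaces stripped first (assumed
    normalisation, so 'a.PHP', 'a.php.txt' and 'a.php.' all yield 'php')."""
    base = unquote(name).rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = base.split(".")
    return set(parts[1:]) if len(parts) > 1 else set()


def is_dangerous_name(name: str) -> bool:
    """True when any extension component is on the dangerous list."""
    return bool(extensions_of(name) & DANGEROUS_EXTENSIONS)


def flag_log_line(line: str):
    """Detection rule 1: return a finding for a POST to an upload endpoint whose
    request target names a dangerous extension, otherwise None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST":
        return None
    path = urlsplit(m.group("target")).path
    if not path.startswith(UPLOAD_PATH_PREFIXES) or not is_dangerous_name(path):
        return None
    return {"ip": m.group("ip"), "path": path, "status": m.group("status")}


def scan_log(lines):
    """Run flag_log_line over an iterable of log lines and keep the findings."""
    return [f for f in (flag_log_line(line) for line in lines) if f]


def executable_files_in_public_dir(paths, public_dir="/sites/default/files/"):
    """Detection rule 2: files under the public files directory whose names
    carry an executable extension (feed this with newly created paths from
    your file-integrity or SIEM source)."""
    return [p for p in paths if p.startswith(public_dir) and is_dangerous_name(p)]


# Constructed sample input: two benign requests, one flagged upload, one
# ajax call whose target carries no file name.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jan/2022:10:01:12 +0300] "POST /system/files/report.PHP HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Jan/2022:10:01:13 +0300] "GET /sites/default/files/logo.png HTTP/1.1" 200 8192',
    '198.51.100.4 - - [18/Jan/2022:10:02:01 +0300] "POST /file/ajax/field_doc/und/0?_wrapper_format=drupal_ajax HTTP/1.1" 200 300',
    '198.51.100.4 - - [18/Jan/2022:10:02:02 +0300] "POST /system/files/report.pdf HTTP/1.1" 200 300',
]

# Constructed sample file listing (e.g. from a file-integrity monitor).
SAMPLE_FILES = [
    "/sites/default/files/pictures/avatar.png",
    "/sites/default/files/uploads/notes.phtml",
    "/var/www/html/index.php",  # outside the public files dir: not a finding
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("upload alert:", finding)
    for path in executable_files_in_public_dir(SAMPLE_FILES):
        print("executable in public files dir:", path)
```

Run it as a script to see the two alerts on the constructed input, or import `scan_log` and `executable_files_in_public_dir` into a SIEM enrichment job; the extension set and path prefixes are the two knobs to adjust per site.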
🔧 Remediation Steps (Arabic version, translated)
IMMEDIATE ACTIONS:
1. Identify all Drupal installations across your environment using asset inventory tools.
2. Check the Drupal version and apply the official security patch immediately (Drupal 9.0.8, 8.9.9, 8.8.11, 7.74 or later).
3. Temporarily disable the file upload functionality on critical Drupal sites if immediate patching is not possible.

PATCHING GUIDANCE:
1. Update Drupal core to the latest patched version via: composer update drupal/core, or download it from the official site.
2. Run database updates after applying the patch: drush updatedb.
3. Clear all caches after the update: drush cr.

COMPENSATING CONTROLS (if the patch is unavailable):
1. Apply a Web Application Firewall (WAF) rule to block uploads of files with dangerous extensions.
2. Configure server-level restrictions to prevent execution of uploaded files in the files directory.
3. Restrict file upload permissions to trusted, authenticated users only.
4. Enable scanning of uploaded files through antivirus integration.

DETECTION RULES:
1. Monitor web server logs for suspicious POST requests to file upload paths.
2. Create SIEM alerts for newly created executable files in Drupal's public files directory.
3. Deploy IDS/IPS signatures for Drupal file upload exploitation attempts.
4. Monitor for webshell activity patterns.
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-2-1: Cybersecurity Risk Management
ECC-3-3-3: Vulnerability Management — Patch Management
ECC-3-3-6: Web Application Security
ECC-3-3-1: Asset Management and Protection
ECC-3-2-1: Identity and Access Management
🔵 SAMA CSF
3.3.5 — Vulnerability Management
3.3.6 — Patch Management
3.3.9 — Web Application Security
3.4.2 — Secure Configuration Management
3.3.3 — Threat and Vulnerability Management
🟡 ISO 27001:2022
A.12.6.1 — Management of Technical Vulnerabilities
A.14.2.2 — System Change Control Procedures
A.14.1.2 — Securing Application Services on Public Networks
A.12.2.1 — Controls Against Malware
A.14.2.5 — Secure System Engineering Principles
🟣 PCI DSS v4.0
Requirement 6.3.3 — All system components are protected from known vulnerabilities by installing applicable security patches
Requirement 6.4.1 — Public-facing web applications are protected against attacks
Requirement 6.4.2 — Automated technical solution deployed for public-facing web applications
📦 Affected Products / CPE (1 entry)
Drupal: Drupal core
📋 Quick Facts
Severity: Critical
CVSS Score: 9.0
EPSS: 4.50%
Exploit: Yes
Patch: Yes
CISA KEV: Yes
KEV Due Date: 2022-07-18
Published: 2022-01-18
Source Feed: cisa_kev
🏷️ Tags: kev, actively-exploited