Skip to main content

Protected Pages

2 CVEs product

Monthly

CVE-2025-9551 PHP MEDIUM PATCH This Month

Drupal Protected Pages module fails to implement rate limiting on authentication attempts, enabling unauthenticated attackers to conduct brute force attacks against password-protected content. Affected versions include Protected Pages 0.0.0 through 1.7.x and 7.x-1.0 through 7.x-2.4. The vulnerability permits attackers to enumerate valid credentials and bypass access controls through repeated login submissions without detection or throttling mechanisms. No public exploit code or active exploitation has been confirmed; EPSS scoring of 0.05% (15th percentile) indicates low real-world exploitation likelihood despite the moderate CVSS score of 6.5.

Drupal PHP Brute Force Protected Pages
NVD HeroDevs VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2014-9024 HIGH PATCH This Week

The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Protected Pages
NVD
CVSS 2.0
7.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Drupal Protected Pages module fails to implement rate limiting on authentication attempts, enabling unauthenticated attackers to conduct brute force attacks against password-protected content. Affected versions include Protected Pages 0.0.0 through 1.7.x and 7.x-1.0 through 7.x-2.4. The vulnerability permits attackers to enumerate valid credentials and bypass access controls through repeated login submissions without detection or throttling mechanisms. No public exploit code or active exploitation has been confirmed; EPSS scoring of 0.05% (15th percentile) indicates low real-world exploitation likelihood despite the moderate CVSS score of 6.5.

Drupal PHP Brute Force +1
NVD HeroDevs VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Protected Pages
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy