services_project 漏洞与 CVE 列表（6）

产品（CPE）: — CVE 数: 6

services_project 漏洞概览

汇总 services_project 相关全部产品的 CVE 与安全漏洞情报，包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括跨站脚本、CSRF与输入验证问题，在生产负载与软件部署使用场景中可能带来异常行为与会话劫持等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告，可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势（近 24 个月）

CVE	摘要	来源	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2015-4394	The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.	[email protected]	5.0	0.23%	2015-06-15	2026-05-06
CVE-2015-4393	The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.	[email protected]	6.0	1.27%	2015-06-15	2026-05-06
CVE-2014-9153	Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.	[email protected]	4.3	0.25%	2014-12-01	2026-05-06
CVE-2014-9152	The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.	[email protected]	7.5	0.52%	2014-12-01	2026-05-06
CVE-2014-9151	The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.	[email protected]	7.5	0.51%	2014-12-01	2026-05-06
CVE-2013-2158	Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	[email protected]	6.8	0.27%	2013-07-01	2026-04-29

cvelogic Threat Intelligence