CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
References
Link Resource
http://www.securityfocus.com/bid/103534 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040598 Third Party Advisory VDB Entry
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/ Third Party Advisory
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714 Third Party Advisory
https://github.com/a2u/CVE-2018-7600 Third Party Advisory
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE Patch Third Party Advisory
https://greysec.net/showthread.php?tid=2912&pid=10561 Issue Tracking Third Party Advisory
https://groups.drupal.org/security/faq-2018-002 Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html Third Party Advisory
https://research.checkpoint.com/uncovering-drupalgeddon-2/ Exploit Third Party Advisory
https://twitter.com/RicterZ/status/979567469726613504 Third Party Advisory
https://twitter.com/RicterZ/status/984495201354854401 Third Party Advisory
https://twitter.com/arancaytar/status/979090719003627521 Third Party Advisory
https://www.debian.org/security/2018/dsa-4156 Third Party Advisory
https://www.drupal.org/sa-core-2018-002 Vendor Advisory
https://www.exploit-db.com/exploits/44448/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44449/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44482/ Exploit Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_18_17 Third Party Advisory
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-29 07:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-7600

Mitre link : CVE-2018-7600

CVE.ORG link : CVE-2018-7600


JSON object : View

Products Affected

debian

  • debian_linux

drupal

  • drupal
CWE
CWE-20

Improper Input Validation