A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/103985 | Broken Link Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1040754 | Broken Link Third Party Advisory VDB Entry |
| https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html | Mailing List Third Party Advisory |
| https://www.debian.org/security/2018/dsa-4180 | Third Party Advisory |
| https://www.drupal.org/sa-core-2018-004 | Patch Vendor Advisory |
| https://www.exploit-db.com/exploits/44542/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/44557/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
02 Jul 2024, 17:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/103985 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () http://www.securitytracker.com/id/1040754 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2018-07-19 17:29
Updated : 2024-07-02 17:41
NVD link : CVE-2018-7602
Mitre link : CVE-2018-7602
CVE.ORG link : CVE-2018-7602
JSON object : View
Products Affected
debian
- debian_linux
drupal
- drupal
CWE