CVE-2018-7600 – Drupal Core Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten código arbitrario debido a un problema que afecta a múltiples subsistemas con configuraciones de módulos por defecto o comunes. Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. • https://www.exploit-db.com/exploits/44482 https://www.exploit-db.com/exploits/44449 https://www.exploit-db.com/exploits/44448 https://github.com/a2u/CVE-2018-7600 https://github.com/pimps/CVE-2018-7600 https://github.com/g0rx/CVE-2018-7600-Drupal-RCE https://github.com/firefart/CVE-2018-7600 https://github.com/r3dxpl0it/CVE-2018-7600 https://github.com/dr-iman/CVE-2018-7600-Drupal-0day-RCE https://github.com/sl4cky/CVE-2018-7600 https://github.com/s • CWE-20: Improper Input Validation •