CVE-2018-7600
Drupal Core Remote Code Execution Vulnerability
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
27
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten código arbitrario debido a un problema que afecta a múltiples subsistemas con configuraciones de módulos por defecto o comunes.
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-01 CVE Reserved
- 2018-03-29 CVE Published
- 2018-04-14 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-10-30 EPSS Updated
CWE
- CWE-20: Improper Input Validation
CAPEC
References (44)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://groups.drupal.org/security/faq-2018-002 | 2019-03-01 | |
https://www.debian.org/security/2018/dsa-4156 | 2019-03-01 | |
https://www.drupal.org/sa-core-2018-002 | 2018-03-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | <= 7.57 Search vendor "Drupal" for product "Drupal" and version " <= 7.57" | - |
Affected
| ||||||
Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | >= 8.0.0 < 8.3.9 Search vendor "Drupal" for product "Drupal" and version " >= 8.0.0 < 8.3.9" | - |
Affected
| ||||||
Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | >= 8.4.0 < 8.4.6 Search vendor "Drupal" for product "Drupal" and version " >= 8.4.0 < 8.4.6" | - |
Affected
| ||||||
Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | >= 8.5.0 < 8.5.1 Search vendor "Drupal" for product "Drupal" and version " >= 8.5.0 < 8.5.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|