CVE-2018-7600 Information

Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103534
http://www.securitytracker.com/id/1040598
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
https://github.com/a2u/CVE-2018-7600
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
https://greysec.net/showthread.php?tid=2912&pid=10561
https://groups.drupal.org/security/faq-2018-002
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
https://research.checkpoint.com/uncovering-drupalgeddon-2/
https://twitter.com/arancaytar/status/979090719003627521
https://twitter.com/RicterZ/status/979567469726613504
https://twitter.com/RicterZ/status/984495201354854401
https://www.debian.org/security/2018/dsa-4156
https://www.drupal.org/sa-core-2018-002
https://www.exploit-db.com/exploits/44448/
https://www.exploit-db.com/exploits/44449/
https://www.exploit-db.com/exploits/44482/
https://www.synology.com/support/security/Synology_SA_18_17
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
