CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Package Versions Affected
Automatically patch vulnerabilities without upgrading
CVSS Version
Related Resources
References
http://www.securityfocus.com/bid/103534, http://www.securitytracker.com/id/1040598, https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/, https://greysec.net/showthread.php?tid=2912&pid=10561, https://twitter.com/RicterZ/status/979567469726613504, https://twitter.com/RicterZ/status/984495201354854401, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?fieldcve=CVE-2018-7600, https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714, https://github.com/a2u/CVE-2018-7600, https://github.com/g0rx/CVE-2018-7600-Drupal-RCE, https://groups.drupal.org/security/faq-2018-002, https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html, https://research.checkpoint.com/uncovering-drupalgeddon-2/, https://twitter.com/arancaytar/status/979090719003627521, https://www.debian.org/security/2018/dsa-4156, https://www.drupal.org/sa-core-2018-002, https://www.exploit-db.com/exploits/44448/, https://www.exploit-db.com/exploits/44449/, https://www.exploit-db.com/exploits/44482/, https://www.synology.com/support/security/SynologySA1817, https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
Basic Information
