CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
References
Link Resource
https://www.drupal.org/sa-core-2018-002 Vendor Advisory
https://groups.drupal.org/security/faq-2018-002 Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html Third Party Advisory
http://www.securitytracker.com/id/1040598 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/103534 Third Party Advisory VDB Entry
https://www.synology.com/support/security/Synology_SA_18_17 Third Party Advisory
https://www.debian.org/security/2018/dsa-4156 Third Party Advisory
https://twitter.com/RicterZ/status/979567469726613504 Third Party Advisory
https://github.com/a2u/CVE-2018-7600 Third Party Advisory
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know Third Party Advisory
https://greysec.net/showthread.php?tid=2912&pid=10561 Issue Tracking Third Party Advisory
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE Patch Third Party Advisory
https://twitter.com/arancaytar/status/979090719003627521 Third Party Advisory
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714 Third Party Advisory
https://twitter.com/RicterZ/status/984495201354854401 Third Party Advisory
https://research.checkpoint.com/uncovering-drupalgeddon-2/ Exploit Third Party Advisory
https://www.exploit-db.com/exploits/44449/ Exploit Third Party Advisory
https://www.exploit-db.com/exploits/44448/ Exploit Third Party Advisory
https://www.exploit-db.com/exploits/44482/ Exploit Third Party Advisory
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2018-03-29 07:29

Updated : 2019-03-01 06:04


NVD link : CVE-2018-7600

Mitre link : CVE-2018-7600

Products Affected
No products.
CWE