CyberSec.Space Logo
Back to CVE Browser

CVE-2018-7600

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score30.8640%
EPSS Percentile90.48th
PublishedMar 29, 2018
Last ModifiedOct 31, 2025

Vulnerability Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Affected Platforms (CPE)

πŸ“¦
Drupal

Drupal

<= 7.57
πŸ“¦
Drupal

Drupal

>= 8.0.0 and < 8.3.9
πŸ“¦
Drupal

Drupal

>= 8.4.0 and < 8.4.6
πŸ“¦
Drupal

Drupal

>= 8.5.0 and < 8.5.1
πŸ’»
Debian

Debian Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103534
πŸ”— http://www.securitytracker.com/id/1040598
πŸ”— https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
πŸ”— https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
πŸ”— https://github.com/a2u/CVE-2018-7600
πŸ”— https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
πŸ”— https://greysec.net/showthread.php?tid=2912&pid=10561
πŸ”— https://groups.drupal.org/security/faq-2018-002

Related Vulnerabilities

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...