CVEブラウザに戻る

CVE-2018-7602

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score47.9580%

EPSS Percentile85.13th

Published2018年7月19日

Last Modified2025年11月7日

Vulnerability Description

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Affected Platforms (CPE)

📦

Drupal

Drupal

>= 7.0 and < 7.59

📦

Drupal

Drupal

>= 8.4.0 and < 8.4.8

📦

Drupal

Drupal

>= 8.5.0 and < 8.5.3

💻

Debian

Debian Linux

= 7.0

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/103985

🔗 http://www.securitytracker.com/id/1040754

🔗 https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html

🔗 https://www.debian.org/security/2018/dsa-4180

🔗 https://www.drupal.org/sa-core-2018-004

🔗 https://www.exploit-db.com/exploits/44542/

🔗 https://www.exploit-db.com/exploits/44557/

🔗 http://www.securityfocus.com/bid/103985

関連する脆弱性情報

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...