CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-7600

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score30.8640%
EPSS Percentile90.48th
Published2018年3月29日
Last Modified2025年10月31日

Vulnerability Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Affected Platforms (CPE)

📦
Drupal

Drupal

<= 7.57
📦
Drupal

Drupal

>= 8.0.0 and < 8.3.9
📦
Drupal

Drupal

>= 8.4.0 and < 8.4.6
📦
Drupal

Drupal

>= 8.5.0 and < 8.5.1
💻
Debian

Debian Linux

= 7.0
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/103534
🔗 http://www.securitytracker.com/id/1040598
🔗 https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
🔗 https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
🔗 https://github.com/a2u/CVE-2018-7600
🔗 https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
🔗 https://greysec.net/showthread.php?tid=2912&pid=10561
🔗 https://groups.drupal.org/security/faq-2018-002

相關漏洞威脅

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...