[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

127844

 
 

909

 
 

105823

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-7600Date: (C)2018-04-06   (M)2019-03-08


Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-103534
SECTRACK-1040598
EXPLOIT-DB-44448
EXPLOIT-DB-44449
EXPLOIT-DB-44482
DSA-4156
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
https://github.com/a2u/CVE-2018-7600
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
https://greysec.net/showthread.php?tid=2912&pid=10561
https://groups.drupal.org/security/faq-2018-002
https://research.checkpoint.com/uncovering-drupalgeddon-2/
https://twitter.com/RicterZ/status/979567469726613504
https://twitter.com/RicterZ/status/984495201354854401
https://twitter.com/arancaytar/status/979090719003627521
https://www.drupal.org/sa-core-2018-002
https://www.synology.com/support/security/Synology_SA_18_17
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

CPE    74
cpe:/o:debian:debian_linux:7.0
cpe:/a:drupal:drupal:8.0.0:alpha4
cpe:/a:drupal:drupal:8.0.0:alpha5
cpe:/a:drupal:drupal:8.0.0:alpha2
...
CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:53290
oval:org.secpod.oval:def:114309
oval:org.secpod.oval:def:114304
oval:org.secpod.oval:def:603336
...

© SecPod Technologies