CVE-2018-7602

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

CVSS 9.8 CRITICAL · EPSS 99.1% · KEV · CWE-94
In short

Drupal websites have a critical flaw that lets attackers run malicious code remotely, taking over the entire site. This vulnerability is actively being exploited by criminals.

Technical detail

A remote code execution vulnerability exists in Drupal 7.x and 8.x core through multiple subsystems, allowing unauthenticated or low-privileged attackers to execute arbitrary code via crafted requests. The vulnerability is related to inadequate input validation and sanitization in core functionality, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Drupal · core
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
