Vulnerability-Lookup

CVE-2018-7600 (GCVE-0-2018-7600)

Vulnerability from cvelistv5 – Published: 2018-03-29 07:00 – Updated: 2025-10-21 23:45

CISA KEV

Summary

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

remote code execution

Assigner

drupal

References

URL

Tags

	https://github.com/g0rx/CVE-2018-7600-Drupal-RCE	x_refsource_MISC
	http://www.securitytracker.com/id/1040598	vdb-entryx_refsource_SECTRACK
	https://twitter.com/arancaytar/status/97909071900…	x_refsource_MISC
	https://twitter.com/RicterZ/status/979567469726613504	x_refsource_MISC
	https://www.drupal.org/sa-core-2018-002	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
	https://github.com/a2u/CVE-2018-7600	x_refsource_MISC
	https://www.exploit-db.com/exploits/44482/	exploitx_refsource_EXPLOIT-DB
	https://research.checkpoint.com/uncovering-drupal…	x_refsource_MISC
	https://groups.drupal.org/security/faq-2018-002	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4156	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://www.exploit-db.com/exploits/44448/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/103534	vdb-entryx_refsource_BID
	https://badpackets.net/over-100000-drupal-website…	x_refsource_MISC
	https://greysec.net/showthread.php?tid=2912&pid=10561	x_refsource_MISC
	https://blog.appsecco.com/remote-code-execution-w…	x_refsource_MISC
	https://www.tenable.com/blog/critical-drupal-core…	x_refsource_MISC
	https://twitter.com/RicterZ/status/984495201354854401	x_refsource_MISC
	https://www.exploit-db.com/exploits/44449/	exploitx_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1	Affected: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 7c7abd9c-7589-4308-bd76-d7170e204dc6

Vulnerability ID: CVE-2018-7600

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEV entry: Drupal Core Remote Code Execution Vulnerability | Affected: Drupal / Drupal Core | Description: Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-7600

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-20
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Drupal Core
Due Date	2022-05-03
Date Added	2021-11-03
Vendorproject	Drupal
Vulnerabilityname	Drupal Core Remote Code Execution Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2018-7600

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-02 12:28 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
          },
          {
            "name": "1040598",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040598"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/arancaytar/status/979090719003627521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/RicterZ/status/979567469726613504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2018-002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/a2u/CVE-2018-7600"
          },
          {
            "name": "44482",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44482/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.drupal.org/security/faq-2018-002"
          },
          {
            "name": "DSA-4156",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4156"
          },
          {
            "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
          },
          {
            "name": "44448",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44448/"
          },
          {
            "name": "103534",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/RicterZ/status/984495201354854401"
          },
          {
            "name": "44449",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44449/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-7600",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:40:15.444546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:52.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2018-7600 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
            }
          ]
        }
      ],
      "datePublic": "2018-03-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-11T12:57:01.000Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
        },
        {
          "name": "1040598",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040598"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/arancaytar/status/979090719003627521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/RicterZ/status/979567469726613504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/sa-core-2018-002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/a2u/CVE-2018-7600"
        },
        {
          "name": "44482",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44482/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.drupal.org/security/faq-2018-002"
        },
        {
          "name": "DSA-4156",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4156"
        },
        {
          "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
        },
        {
          "name": "44448",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44448/"
        },
        {
          "name": "103534",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/RicterZ/status/984495201354854401"
        },
        {
          "name": "44449",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44449/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@drupal.org",
          "ID": "CVE-2018-7600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
              "refsource": "MISC",
              "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
            },
            {
              "name": "1040598",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040598"
            },
            {
              "name": "https://twitter.com/arancaytar/status/979090719003627521",
              "refsource": "MISC",
              "url": "https://twitter.com/arancaytar/status/979090719003627521"
            },
            {
              "name": "https://twitter.com/RicterZ/status/979567469726613504",
              "refsource": "MISC",
              "url": "https://twitter.com/RicterZ/status/979567469726613504"
            },
            {
              "name": "https://www.drupal.org/sa-core-2018-002",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/sa-core-2018-002"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_17",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_17"
            },
            {
              "name": "https://github.com/a2u/CVE-2018-7600",
              "refsource": "MISC",
              "url": "https://github.com/a2u/CVE-2018-7600"
            },
            {
              "name": "44482",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44482/"
            },
            {
              "name": "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
              "refsource": "MISC",
              "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
            },
            {
              "name": "https://groups.drupal.org/security/faq-2018-002",
              "refsource": "CONFIRM",
              "url": "https://groups.drupal.org/security/faq-2018-002"
            },
            {
              "name": "DSA-4156",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4156"
            },
            {
              "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
            },
            {
              "name": "44448",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44448/"
            },
            {
              "name": "103534",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103534"
            },
            {
              "name": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
              "refsource": "MISC",
              "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
            },
            {
              "name": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561",
              "refsource": "MISC",
              "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
            },
            {
              "name": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
              "refsource": "MISC",
              "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
            },
            {
              "name": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
              "refsource": "MISC",
              "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
            },
            {
              "name": "https://twitter.com/RicterZ/status/984495201354854401",
              "refsource": "MISC",
              "url": "https://twitter.com/RicterZ/status/984495201354854401"
            },
            {
              "name": "44449",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44449/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2018-7600",
    "datePublished": "2018-03-29T07:00:00.000Z",
    "dateReserved": "2018-03-01T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:52.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-7600",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600",
      "product": "Drupal Core",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.",
      "vendorProject": "Drupal",
      "vulnerabilityName": "Drupal Core Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-05-03",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Drupal Core Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.57\", \"matchCriteriaId\": \"32918FBA-EEAE-4103-AD2A-0E1914790A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.3.9\", \"matchCriteriaId\": \"CB9AA188-842A-4465-833B-066371D5611E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.4.0\", \"versionEndExcluding\": \"8.4.6\", \"matchCriteriaId\": \"0C796B60-2568-4E1F-A4CC-710DF21924BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndExcluding\": \"8.5.1\", \"matchCriteriaId\": \"FE407010-FFFB-454E-B14A-56AD24B2997C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.\"}, {\"lang\": \"es\", \"value\": \"Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten c\\u00f3digo arbitrario debido a un problema que afecta a m\\u00faltiples subsistemas con configuraciones de m\\u00f3dulos por defecto o comunes.\"}]",
      "id": "CVE-2018-7600",
      "lastModified": "2024-11-21T04:12:25.880",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-29T07:29:00.260",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/103534\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040598\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/a2u/CVE-2018-7600\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.drupal.org/security/faq-2018-002\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4156\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2018-002\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44448/\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44449/\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44482/\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103534\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/a2u/CVE-2018-7600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.drupal.org/security/faq-2018-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4156\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2018-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44448/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44449/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44482/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "mlhess@drupal.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7600\",\"sourceIdentifier\":\"mlhess@drupal.org\",\"published\":\"2018-03-29T07:29:00.260\",\"lastModified\":\"2025-10-31T22:05:42.410\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.\"},{\"lang\":\"es\",\"value\":\"Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten c\u00f3digo arbitrario debido a un problema que afecta a m\u00faltiples subsistemas con configuraciones de m\u00f3dulos por defecto o comunes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Drupal Core Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.57\",\"matchCriteriaId\":\"32918FBA-EEAE-4103-AD2A-0E1914790A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.3.9\",\"matchCriteriaId\":\"CB9AA188-842A-4465-833B-066371D5611E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0\",\"versionEndExcluding\":\"8.4.6\",\"matchCriteriaId\":\"0C796B60-2568-4E1F-A4CC-710DF21924BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.1\",\"matchCriteriaId\":\"FE407010-FFFB-454E-B14A-56AD24B2997C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103534\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040598\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/a2u/CVE-2018-7600\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://groups.drupal.org/security/faq-2018-002\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://research.checkpoint.com/uncovering-drupalgeddon-2/\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/RicterZ/status/979567469726613504\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/RicterZ/status/984495201354854401\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/arancaytar/status/979090719003627521\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4156\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2018-002\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44448/\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44449/\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44482/\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_17\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/a2u/CVE-2018-7600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://groups.drupal.org/security/faq-2018-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://research.checkpoint.com/uncovering-drupalgeddon-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/RicterZ/status/979567469726613504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/RicterZ/status/984495201354854401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/arancaytar/status/979090719003627521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2018-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44448/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44449/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44482/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1040598\", \"name\": \"1040598\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.drupal.org/sa-core-2018-002\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/a2u/CVE-2018-7600\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44482/\", \"name\": \"44482\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://groups.drupal.org/security/faq-2018-002\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4156\", \"name\": \"DSA-4156\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\", \"name\": \"[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44448/\", \"name\": \"44448\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/103534\", \"name\": \"103534\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44449/\", \"name\": \"44449\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T06:31:04.955Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-7600\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T12:40:15.444546Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00+00:00\", \"value\": \"CVE-2018-7600 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T12:39:01.170Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1\"}]}], \"datePublic\": \"2018-03-29T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securitytracker.com/id/1040598\", \"name\": \"1040598\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.drupal.org/sa-core-2018-002\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/a2u/CVE-2018-7600\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44482/\", \"name\": \"44482\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://groups.drupal.org/security/faq-2018-002\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4156\", \"name\": \"DSA-4156\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\", \"name\": \"[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44448/\", \"name\": \"44448\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.securityfocus.com/bid/103534\", \"name\": \"103534\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44449/\", \"name\": \"44449\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"remote code execution\"}]}], \"providerMetadata\": {\"orgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"shortName\": \"drupal\", \"dateUpdated\": \"2018-06-11T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1\"}]}, \"product_name\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"name\": \"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securitytracker.com/id/1040598\", \"name\": \"1040598\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"name\": \"https://twitter.com/arancaytar/status/979090719003627521\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"name\": \"https://twitter.com/RicterZ/status/979567469726613504\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.drupal.org/sa-core-2018-002\", \"name\": \"https://www.drupal.org/sa-core-2018-002\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"name\": \"https://www.synology.com/support/security/Synology_SA_18_17\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/a2u/CVE-2018-7600\", \"name\": \"https://github.com/a2u/CVE-2018-7600\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/44482/\", \"name\": \"44482\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"name\": \"https://research.checkpoint.com/uncovering-drupalgeddon-2/\", \"refsource\": \"MISC\"}, {\"url\": \"https://groups.drupal.org/security/faq-2018-002\", \"name\": \"https://groups.drupal.org/security/faq-2018-002\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4156\", \"name\": \"DSA-4156\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\", \"name\": \"[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.exploit-db.com/exploits/44448/\", \"name\": \"44448\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.securityfocus.com/bid/103534\", \"name\": \"103534\", \"refsource\": \"BID\"}, {\"url\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"name\": \"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/\", \"refsource\": \"MISC\"}, {\"url\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"name\": \"https://greysec.net/showthread.php?tid=2912\u0026pid=10561\", \"refsource\": \"MISC\"}, {\"url\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"name\": \"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"name\": \"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"name\": \"https://twitter.com/RicterZ/status/984495201354854401\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/44449/\", \"name\": \"44449\", \"refsource\": \"EXPLOIT-DB\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"remote code execution\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-7600\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@drupal.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-7600\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:52.444Z\", \"dateReserved\": \"2018-03-01T00:00:00.000Z\", \"assignerOrgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"datePublished\": \"2018-03-29T07:00:00.000Z\", \"assignerShortName\": \"drupal\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-ALE-005

Vulnerability from certfr_alerte - Published: - Updated:

Le 28 mars 2018, l'éditeur du système de gestion de contenu Drupal a publié un avis de sécurité concernant une vulnérabilité critique dans Drupal core. L'avis SA-CORE-2018-002 indique que les systèmes Drupal en versions 7.x, 8.5.x, mais également les systèmes n'étant plus supportés (version 8.3.x, 8.4.x et 6), sont affectés par une vulnérabilité hautement critique pouvant mener à la compromission complète d'un site web basé sur Drupal.

Cette vulnérabilité, identifiée en tant que CVE-2018-7600, permettrait à un visiteur d'un site vulnérable d'accéder à toutes les données contenues sur le site, de les modifier et de les supprimer, et ce sans authentification.

Le CERT-FR recommande d'appliquer au plus tôt les correctifs de sécurité mis à disposition par Drupal.

[ Mise à jour du 16 avril 2018]

Le 12 avril 2018, une preuve de concept exploitant la vulnérabilité CVE-2018-7600 a été publiée publiquement sur Github. Depuis, le CERT-FR constate des tentatives d'exploitation.

Au vu de la facilité d'exploitation et de la criticité de cette vulnérabilité, le CERT-FR a décidé de rouvrir l'alerte CERTFR-2018-ALE-005 et rappelle qu'il est nécessaire d'appliquer les correctifs déjà disponibles immédiatement.

[ Mise à jour du 26 avril 2018]

Le 25 avril, l'éditeur de Drupal a publié un nouveau bulletin d'alerte concernant une vulnérabilité similaire à la CVE-2018-7600, la CVE-2018-7602. Cette vulnérabilité permet une exécution de code arbitraire à distance et a été signalée comme exploitée très peu de temps après sa publication. Le CERT-FR conseille l'application immédiate des correctifs fournis par l'éditeur. Il est à noter que l'application des correctifs de la vulnérabilité CVE-2018-7602 nécessite l'installation préalable de ceux de la CVE-2018-7600.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Drupal	Drupal	Drupal versions 8.5.x antérieures à 8.5.3
Drupal	Drupal	Drupal versions 7.x antérieures à 7.59
Drupal	Drupal	Drupal versions 8.4.x antérieures à 8.4.8
Drupal	Drupal	Drupal version 6

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-004 du 25 avril 2018	None	vendor-advisory
Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions Drupal pour l'avis de sécurité SA-CORE-2018-002	None	vendor-advisory
Avis CERT-FR CERTFR-2018-AVI-158 Vulnérabilité dans Drupal	-	other
Billet de blogue Checkpoint	-	other
Billet de blogue SANS	-	other
Avis CERT-FR CERTFR-2018-AVI-204 Vulnérabilité dans Drupal	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal versions 8.5.x ant\u00e9rieures \u00e0 8.5.3",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 7.x ant\u00e9rieures \u00e0 7.59",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 8.4.x ant\u00e9rieures \u00e0 8.4.8",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal version 6",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-07-30",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    },
    {
      "name": "CVE-2018-7602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7602"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-158 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-158"
    },
    {
      "title": "Billet de blogue Checkpoint",
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
    },
    {
      "title": "Billet de blogue SANS",
      "url": "https://isc.sans.edu/forums/diary/Drupal+CVE20187600+PoC+is+Public/23549/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-204 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-204"
    }
  ],
  "reference": "CERTFR-2018-ALE-005",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    },
    {
      "description": "Modification d\u0027un lien",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Rouverture de l\u0027alerte suite \u00e0 la publication du PoC, ajout de liens",
      "revision_date": "2018-04-16T00:00:00.000000"
    },
    {
      "description": "Ajout de la CVE-2018-7602",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Modification du titre de l\u0027alerte",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Le 28 mars 2018, l\u0027\u00e9diteur du syst\u00e8me de gestion de contenu Drupal a\npubli\u00e9 un avis de s\u00e9curit\u00e9 concernant une vuln\u00e9rabilit\u00e9 critique dans\nDrupal core. L\u0027avis SA-CORE-2018-002 indique que les syst\u00e8mes Drupal en\nversions 7.x, 8.5.x, mais \u00e9galement les syst\u00e8mes n\u0027\u00e9tant plus support\u00e9s\n(version 8.3.x, 8.4.x et 6), sont affect\u00e9s par une vuln\u00e9rabilit\u00e9\nhautement critique pouvant mener \u00e0 la compromission compl\u00e8te d\u0027un site\nweb bas\u00e9 sur Drupal.\n\nCette vuln\u00e9rabilit\u00e9, identifi\u00e9e en tant que CVE-2018-7600, permettrait \u00e0\nun visiteur d\u0027un site vuln\u00e9rable d\u0027acc\u00e9der \u00e0 toutes les donn\u00e9es\ncontenues sur le site, de les modifier et de les supprimer, et ce sans\nauthentification.\n\nLe CERT-FR recommande d\u0027appliquer au plus t\u00f4t les correctifs de s\u00e9curit\u00e9\nmis \u00e0 disposition par Drupal.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 16 avril 2018\\]\u003c/strong\u003e\n\nLe 12 avril 2018, une preuve de concept exploitant la vuln\u00e9rabilit\u00e9\nCVE-2018-7600 a \u00e9t\u00e9 publi\u00e9e publiquement sur Github. Depuis, le CERT-FR\nconstate des tentatives d\u0027exploitation.\n\nAu vu de la facilit\u00e9 d\u0027exploitation et de la criticit\u00e9 de cette\nvuln\u00e9rabilit\u00e9, le CERT-FR a d\u00e9cid\u00e9 de rouvrir\nl\u0027alerte\u00a0CERTFR-2018-ALE-005 et rappelle qu\u0027il est n\u00e9cessaire\nd\u0027appliquer les correctifs d\u00e9j\u00e0 disponibles imm\u00e9diatement.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 26 avril 2018\\]\u003c/strong\u003e\n\nLe 25 avril, l\u0027\u00e9diteur de Drupal a publi\u00e9 un nouveau bulletin d\u0027alerte\nconcernant une vuln\u00e9rabilit\u00e9 similaire \u00e0 la CVE-2018-7600, la\nCVE-2018-7602. Cette vuln\u00e9rabilit\u00e9 permet une ex\u00e9cution de code\narbitraire \u00e0 distance et a \u00e9t\u00e9 signal\u00e9e comme exploit\u00e9e tr\u00e8s peu de\ntemps apr\u00e8s sa publication. Le CERT-FR conseille l\u0027application imm\u00e9diate\ndes correctifs fournis par l\u0027\u00e9diteur. Il est \u00e0 noter que l\u0027application\ndes correctifs de la vuln\u00e9rabilit\u00e9 CVE-2018-7602 n\u00e9cessite\nl\u0027installation pr\u00e9alable de ceux de la CVE-2018-7600.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-004 du 25 avril 2018",
      "url": "https://www.drupal.org/sa-core-2018-004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "published_at": null,
      "title": "Foire aux questions Drupal pour l\u0027avis de s\u00e9curit\u00e9 SA-CORE-2018-002",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ]
}

CERTFR-2018-ALE-005

Vulnerability from certfr_alerte - Published: - Updated:

Le CERT-FR recommande d'appliquer au plus tôt les correctifs de sécurité mis à disposition par Drupal.

[ Mise à jour du 16 avril 2018]

Le 12 avril 2018, une preuve de concept exploitant la vulnérabilité CVE-2018-7600 a été publiée publiquement sur Github. Depuis, le CERT-FR constate des tentatives d'exploitation.

[ Mise à jour du 26 avril 2018]

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Drupal	Drupal	Drupal versions 8.5.x antérieures à 8.5.3
Drupal	Drupal	Drupal versions 7.x antérieures à 7.59
Drupal	Drupal	Drupal versions 8.4.x antérieures à 8.4.8
Drupal	Drupal	Drupal version 6

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-004 du 25 avril 2018	None	vendor-advisory
Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions Drupal pour l'avis de sécurité SA-CORE-2018-002	None	vendor-advisory
Avis CERT-FR CERTFR-2018-AVI-158 Vulnérabilité dans Drupal	-	other
Billet de blogue Checkpoint	-	other
Billet de blogue SANS	-	other
Avis CERT-FR CERTFR-2018-AVI-204 Vulnérabilité dans Drupal	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal versions 8.5.x ant\u00e9rieures \u00e0 8.5.3",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 7.x ant\u00e9rieures \u00e0 7.59",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 8.4.x ant\u00e9rieures \u00e0 8.4.8",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal version 6",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-07-30",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    },
    {
      "name": "CVE-2018-7602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7602"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-158 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-158"
    },
    {
      "title": "Billet de blogue Checkpoint",
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
    },
    {
      "title": "Billet de blogue SANS",
      "url": "https://isc.sans.edu/forums/diary/Drupal+CVE20187600+PoC+is+Public/23549/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-204 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-204"
    }
  ],
  "reference": "CERTFR-2018-ALE-005",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    },
    {
      "description": "Modification d\u0027un lien",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Rouverture de l\u0027alerte suite \u00e0 la publication du PoC, ajout de liens",
      "revision_date": "2018-04-16T00:00:00.000000"
    },
    {
      "description": "Ajout de la CVE-2018-7602",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Modification du titre de l\u0027alerte",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Le 28 mars 2018, l\u0027\u00e9diteur du syst\u00e8me de gestion de contenu Drupal a\npubli\u00e9 un avis de s\u00e9curit\u00e9 concernant une vuln\u00e9rabilit\u00e9 critique dans\nDrupal core. L\u0027avis SA-CORE-2018-002 indique que les syst\u00e8mes Drupal en\nversions 7.x, 8.5.x, mais \u00e9galement les syst\u00e8mes n\u0027\u00e9tant plus support\u00e9s\n(version 8.3.x, 8.4.x et 6), sont affect\u00e9s par une vuln\u00e9rabilit\u00e9\nhautement critique pouvant mener \u00e0 la compromission compl\u00e8te d\u0027un site\nweb bas\u00e9 sur Drupal.\n\nCette vuln\u00e9rabilit\u00e9, identifi\u00e9e en tant que CVE-2018-7600, permettrait \u00e0\nun visiteur d\u0027un site vuln\u00e9rable d\u0027acc\u00e9der \u00e0 toutes les donn\u00e9es\ncontenues sur le site, de les modifier et de les supprimer, et ce sans\nauthentification.\n\nLe CERT-FR recommande d\u0027appliquer au plus t\u00f4t les correctifs de s\u00e9curit\u00e9\nmis \u00e0 disposition par Drupal.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 16 avril 2018\\]\u003c/strong\u003e\n\nLe 12 avril 2018, une preuve de concept exploitant la vuln\u00e9rabilit\u00e9\nCVE-2018-7600 a \u00e9t\u00e9 publi\u00e9e publiquement sur Github. Depuis, le CERT-FR\nconstate des tentatives d\u0027exploitation.\n\nAu vu de la facilit\u00e9 d\u0027exploitation et de la criticit\u00e9 de cette\nvuln\u00e9rabilit\u00e9, le CERT-FR a d\u00e9cid\u00e9 de rouvrir\nl\u0027alerte\u00a0CERTFR-2018-ALE-005 et rappelle qu\u0027il est n\u00e9cessaire\nd\u0027appliquer les correctifs d\u00e9j\u00e0 disponibles imm\u00e9diatement.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 26 avril 2018\\]\u003c/strong\u003e\n\nLe 25 avril, l\u0027\u00e9diteur de Drupal a publi\u00e9 un nouveau bulletin d\u0027alerte\nconcernant une vuln\u00e9rabilit\u00e9 similaire \u00e0 la CVE-2018-7600, la\nCVE-2018-7602. Cette vuln\u00e9rabilit\u00e9 permet une ex\u00e9cution de code\narbitraire \u00e0 distance et a \u00e9t\u00e9 signal\u00e9e comme exploit\u00e9e tr\u00e8s peu de\ntemps apr\u00e8s sa publication. Le CERT-FR conseille l\u0027application imm\u00e9diate\ndes correctifs fournis par l\u0027\u00e9diteur. Il est \u00e0 noter que l\u0027application\ndes correctifs de la vuln\u00e9rabilit\u00e9 CVE-2018-7602 n\u00e9cessite\nl\u0027installation pr\u00e9alable de ceux de la CVE-2018-7600.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-004 du 25 avril 2018",
      "url": "https://www.drupal.org/sa-core-2018-004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "published_at": null,
      "title": "Foire aux questions Drupal pour l\u0027avis de s\u00e9curit\u00e9 SA-CORE-2018-002",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ]
}

GSD-2018-7600

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7600

Aliases

CVE-2018-7600

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7600",
    "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.",
    "id": "GSD-2018-7600",
    "references": [
      "https://www.debian.org/security/2018/dsa-4156",
      "https://security.archlinux.org/CVE-2018-7600",
      "https://packetstormsecurity.com/files/cve/CVE-2018-7600",
      "https://ubuntu.com/security/CVE-2018-7600"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7600"
      ],
      "details": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.",
      "id": "GSD-2018-7600",
      "modified": "2023-12-13T01:22:32.897389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2018-7600",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "Drupal",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.",
      "vendorProject": "Drupal",
      "vulnerabilityName": "Drupal module configuration vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@drupal.org",
        "ID": "CVE-2018-7600",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
            "refsource": "MISC",
            "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
          },
          {
            "name": "1040598",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040598"
          },
          {
            "name": "https://twitter.com/arancaytar/status/979090719003627521",
            "refsource": "MISC",
            "url": "https://twitter.com/arancaytar/status/979090719003627521"
          },
          {
            "name": "https://twitter.com/RicterZ/status/979567469726613504",
            "refsource": "MISC",
            "url": "https://twitter.com/RicterZ/status/979567469726613504"
          },
          {
            "name": "https://www.drupal.org/sa-core-2018-002",
            "refsource": "CONFIRM",
            "url": "https://www.drupal.org/sa-core-2018-002"
          },
          {
            "name": "https://www.synology.com/support/security/Synology_SA_18_17",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/support/security/Synology_SA_18_17"
          },
          {
            "name": "https://github.com/a2u/CVE-2018-7600",
            "refsource": "MISC",
            "url": "https://github.com/a2u/CVE-2018-7600"
          },
          {
            "name": "44482",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44482/"
          },
          {
            "name": "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
            "refsource": "MISC",
            "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
          },
          {
            "name": "https://groups.drupal.org/security/faq-2018-002",
            "refsource": "CONFIRM",
            "url": "https://groups.drupal.org/security/faq-2018-002"
          },
          {
            "name": "DSA-4156",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4156"
          },
          {
            "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
          },
          {
            "name": "44448",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44448/"
          },
          {
            "name": "103534",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103534"
          },
          {
            "name": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
            "refsource": "MISC",
            "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
          },
          {
            "name": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561",
            "refsource": "MISC",
            "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
          },
          {
            "name": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
            "refsource": "MISC",
            "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
          },
          {
            "name": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
            "refsource": "MISC",
            "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
          },
          {
            "name": "https://twitter.com/RicterZ/status/984495201354854401",
            "refsource": "MISC",
            "url": "https://twitter.com/RicterZ/status/984495201354854401"
          },
          {
            "name": "44449",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44449/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=8.0.0-alpha0,\u003c8.3.0-stable||\u003e=8.4.0-alpha0,\u003c8.4.6||\u003e=8.5.0-alpha0,\u003c8.5.1",
          "affected_versions": "All versions starting from 8.0.0-alpha0 before 8.3.0, all versions starting from 8.4.0-alpha0 before 8.4.6, all versions starting from 8.5.0-alpha0 before 8.5.1",
          "credit": "Jasper Mattsson",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2019-03-01",
          "description": "A remote code execution vulnerability allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.",
          "fixed_versions": [
            "8.3.9",
            "8.4.6",
            "8.5.1"
          ],
          "identifier": "CVE-2018-7600",
          "identifiers": [
            "CVE-2018-7600"
          ],
          "package_slug": "packagist/drupal/core",
          "pubdate": "2018-03-29",
          "solution": "Upgrade to fixed versions.",
          "title": "Remote Code Execution",
          "urls": [
            "https://www.drupal.org/sa-core-2018-002"
          ],
          "uuid": "ca088716-3e4f-467e-bb8d-6939dd0f74fe"
        },
        {
          "affected_range": "\u003e=8.0.0-alpha0,\u003c8.3.0-stable||\u003e=8.4.0-alpha0,\u003c8.4.6||\u003e=8.5.0-alpha0,\u003c8.5.1",
          "affected_versions": "All versions starting from 8.0.0-alpha0 before 8.3.0, all versions starting from 8.4.0-alpha0 before 8.4.6, all versions starting from 8.5.0-alpha0 before 8.5.1",
          "credit": "Jasper Mattsson",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2019-03-01",
          "description": "A remote code execution vulnerability allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.",
          "fixed_versions": [
            "8.3.9",
            "8.4.6",
            "8.5.1"
          ],
          "identifier": "CVE-2018-7600",
          "identifiers": [
            "CVE-2018-7600"
          ],
          "package_slug": "packagist/drupal/drupal",
          "pubdate": "2018-03-29",
          "solution": "Upgrade to fixed versions.",
          "title": "Remote Code Execution",
          "urls": [
            "https://www.drupal.org/sa-core-2018-002"
          ],
          "uuid": "95b8c6e9-e3c2-4112-ac6f-f3ab3fd64584"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.57",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3.9",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.4.6",
                "versionStartIncluding": "8.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.5.1",
                "versionStartIncluding": "8.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@drupal.org",
          "ID": "CVE-2018-7600"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/sa-core-2018-002",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.drupal.org/sa-core-2018-002"
            },
            {
              "name": "https://groups.drupal.org/security/faq-2018-002",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://groups.drupal.org/security/faq-2018-002"
            },
            {
              "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
            },
            {
              "name": "1040598",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040598"
            },
            {
              "name": "103534",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103534"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_17",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_17"
            },
            {
              "name": "DSA-4156",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4156"
            },
            {
              "name": "https://twitter.com/RicterZ/status/979567469726613504",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/RicterZ/status/979567469726613504"
            },
            {
              "name": "https://github.com/a2u/CVE-2018-7600",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/a2u/CVE-2018-7600"
            },
            {
              "name": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
            },
            {
              "name": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
            },
            {
              "name": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
            },
            {
              "name": "https://twitter.com/arancaytar/status/979090719003627521",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/arancaytar/status/979090719003627521"
            },
            {
              "name": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
            },
            {
              "name": "https://twitter.com/RicterZ/status/984495201354854401",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/RicterZ/status/984495201354854401"
            },
            {
              "name": "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
            },
            {
              "name": "44449",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/44449/"
            },
            {
              "name": "44448",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/44448/"
            },
            {
              "name": "44482",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/44482/"
            },
            {
              "name": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-01T18:04Z",
      "publishedDate": "2018-03-29T07:29Z"
    }
  }
}

CNVD-2018-06660

Vulnerability from cnvd - Published: 2018-03-29

Title

Drupal core远程代码执行漏洞（CNVD-2018-06660）

Description

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal多个子版本存在远程代码执行漏洞，攻击者可能利用此漏洞实现远程代码执行攻击，从而影响到业务系统的安全性。

Severity

高

Patch Name

Drupal core远程代码执行漏洞（CNVD-2018-06660）的补丁

Patch Description

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal多个子版本存在远程代码执行漏洞，攻击者可能利用此漏洞实现远程代码执行攻击，从而影响到业务系统的安全性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.drupal.org/sa-core-2018-002

Reference

https://www.drupal.org/sa-core-2018-002

Impacted products

Name
['Drupal Drupal 7.', 'Drupal Drupal 8.']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7600"
    }
  },
  "description": "Drupal\u662fDrupal\u793e\u533a\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal\u591a\u4e2a\u5b50\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u653b\u51fb\uff0c\u4ece\u800c\u5f71\u54cd\u5230\u4e1a\u52a1\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3002",
  "discovererName": "Jasper Mattsson",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.drupal.org/sa-core-2018-002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06660",
  "openTime": "2018-03-29",
  "patchDescription": "Drupal\u662fDrupal\u793e\u533a\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal\u591a\u4e2a\u5b50\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u653b\u51fb\uff0c\u4ece\u800c\u5f71\u54cd\u5230\u4e1a\u52a1\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Drupal core\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-06660\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Drupal Drupal 7.*",
      "Drupal Drupal 8.*"
    ]
  },
  "referenceLink": "https://www.drupal.org/sa-core-2018-002",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-29",
  "title": "Drupal core\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-06660\uff09"
}

GHSA-7FH9-933G-885P

Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2025-10-22 17:30

Summary

Drupal Core Remote Code Execution Vulnerability

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0"
            },
            {
              "fixed": "7.58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.4.0"
            },
            {
              "fixed": "8.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.5.0"
            },
            {
              "fixed": "8.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0"
            },
            {
              "fixed": "7.58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.4"
            },
            {
              "fixed": "8.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.5"
            },
            {
              "fixed": "8.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-7600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T22:36:48Z",
    "nvd_published_at": "2018-03-29T07:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.",
  "id": "GHSA-7fh9-933g-885p",
  "modified": "2025-10-22T17:30:06Z",
  "published": "2022-05-14T01:29:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/support/security/Synology_SA_18_17"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44482"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44449"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44448"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4156"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/arancaytar/status/979090719003627521"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/RicterZ/status/984495201354854401"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/RicterZ/status/979567469726613504"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    },
    {
      "type": "WEB",
      "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
    },
    {
      "type": "WEB",
      "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drupal/core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/a2u/CVE-2018-7600"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml"
    },
    {
      "type": "WEB",
      "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
    },
    {
      "type": "WEB",
      "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103534"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040598"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal Core Remote Code Execution Vulnerability"
}

CERTFR-2018-AVI-158

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Drupal. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Drupal	Drupal	Drupal toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions sur la vulnérabilités CVE-2018-7600	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    }
  ],
  "links": [
    {
      "title": "Foire aux questions sur la vuln\u00e9rabilit\u00e9s CVE-2018-7600",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ],
  "reference": "CERTFR-2018-AVI-158",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Drupal. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    }
  ]
}

CERTFR-2018-AVI-158

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Drupal. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Drupal	Drupal	Drupal toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions sur la vulnérabilités CVE-2018-7600	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    }
  ],
  "links": [
    {
      "title": "Foire aux questions sur la vuln\u00e9rabilit\u00e9s CVE-2018-7600",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ],
  "reference": "CERTFR-2018-AVI-158",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Drupal. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    }
  ]
}

FKIE_CVE-2018-7600

Vulnerability from fkie_nvd - Published: 2018-03-29 07:29 - Updated: 2025-10-31 22:05

CISA KEV

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
mlhess@drupal.org	http://www.securityfocus.com/bid/103534	Broken Link, Third Party Advisory, VDB Entry
mlhess@drupal.org	http://www.securitytracker.com/id/1040598	Broken Link, Third Party Advisory, VDB Entry
mlhess@drupal.org	https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/	Broken Link, Third Party Advisory
mlhess@drupal.org	https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714	Third Party Advisory
mlhess@drupal.org	https://github.com/a2u/CVE-2018-7600	Third Party Advisory
mlhess@drupal.org	https://github.com/g0rx/CVE-2018-7600-Drupal-RCE	Patch, Third Party Advisory
mlhess@drupal.org	https://greysec.net/showthread.php?tid=2912&pid=10561	Broken Link, Issue Tracking, Third Party Advisory
mlhess@drupal.org	https://groups.drupal.org/security/faq-2018-002	Vendor Advisory
mlhess@drupal.org	https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html	Third Party Advisory
mlhess@drupal.org	https://research.checkpoint.com/uncovering-drupalgeddon-2/	Exploit, Third Party Advisory
mlhess@drupal.org	https://twitter.com/RicterZ/status/979567469726613504	Broken Link, Third Party Advisory
mlhess@drupal.org	https://twitter.com/RicterZ/status/984495201354854401	Broken Link, Third Party Advisory
mlhess@drupal.org	https://twitter.com/arancaytar/status/979090719003627521	Third Party Advisory
mlhess@drupal.org	https://www.debian.org/security/2018/dsa-4156	Third Party Advisory
mlhess@drupal.org	https://www.drupal.org/sa-core-2018-002	Vendor Advisory
mlhess@drupal.org	https://www.exploit-db.com/exploits/44448/	Exploit, Third Party Advisory, VDB Entry
mlhess@drupal.org	https://www.exploit-db.com/exploits/44449/	Exploit, Third Party Advisory, VDB Entry
mlhess@drupal.org	https://www.exploit-db.com/exploits/44482/	Exploit, Third Party Advisory, VDB Entry
mlhess@drupal.org	https://www.synology.com/support/security/Synology_SA_18_17	Third Party Advisory
mlhess@drupal.org	https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103534	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040598	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/a2u/CVE-2018-7600	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/g0rx/CVE-2018-7600-Drupal-RCE	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://greysec.net/showthread.php?tid=2912&pid=10561	Broken Link, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.drupal.org/security/faq-2018-002	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.checkpoint.com/uncovering-drupalgeddon-2/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/RicterZ/status/979567469726613504	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/RicterZ/status/984495201354854401	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/arancaytar/status/979090719003627521	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4156	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.drupal.org/sa-core-2018-002	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44448/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44449/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44482/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/support/security/Synology_SA_18_17	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600	US Government Resource

Impacted products

Vendor	Product	Version
drupal	drupal	*
drupal	drupal	*
drupal	drupal	*
drupal	drupal	*
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Drupal Core Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32918FBA-EEAE-4103-AD2A-0E1914790A2D",
              "versionEndIncluding": "7.57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB9AA188-842A-4465-833B-066371D5611E",
              "versionEndExcluding": "8.3.9",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C796B60-2568-4E1F-A4CC-710DF21924BD",
              "versionEndExcluding": "8.4.6",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE407010-FFFB-454E-B14A-56AD24B2997C",
              "versionEndExcluding": "8.5.1",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
    },
    {
      "lang": "es",
      "value": "Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten c\u00f3digo arbitrario debido a un problema que afecta a m\u00faltiples subsistemas con configuraciones de m\u00f3dulos por defecto o comunes."
    }
  ],
  "id": "CVE-2018-7600",
  "lastModified": "2025-10-31T22:05:42.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2018-03-29T07:29:00.260",
  "references": [
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103534"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040598"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/a2u/CVE-2018-7600"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://groups.drupal.org/security/faq-2018-002"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/RicterZ/status/979567469726613504"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/RicterZ/status/984495201354854401"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/arancaytar/status/979090719003627521"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4156"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44448/"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44449/"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44482/"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_17"
    },
    {
      "source": "mlhess@drupal.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/a2u/CVE-2018-7600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://groups.drupal.org/security/faq-2018-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/RicterZ/status/979567469726613504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/RicterZ/status/984495201354854401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/arancaytar/status/979090719003627521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44448/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44449/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44482/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
    }
  ],
  "sourceIdentifier": "mlhess@drupal.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7600 (GCVE-0-2018-7600)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature