CVE-2018-7602
Known exploited
Used for ransomware
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Max CVSS
9.8
EPSS Score
97.46%
Published
2018-07-19
Updated
2021-04-20
CISA KEV Added
2022-04-13
CVE-2018-7600
Known exploited
Public exploit
Used for ransomware
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Max CVSS
9.8
EPSS Score
97.57%
Published
2018-03-29
Updated
2019-03-01
CISA KEV Added
2021-11-03
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Max CVSS
9.8
EPSS Score
6.57%
Published
2018-08-06
Updated
2018-10-04
3 vulnerabilities found