Drupal : Security Vulnerabilities Published In 2018 (Code Execution)

CVE-2018-7602

Known Exploited Vulnerability
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Max Base Score
9.8
Published 2018-07-19
Updated 2021-04-20
EPSS 97.47%
KEV Added 2022-04-13

CVE-2018-7600

Public exploit exists
Known Exploited Vulnerability
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Max Base Score
9.8
Published 2018-03-29
Updated 2019-03-01
EPSS 97.56%
KEV Added 2021-11-03
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Max Base Score
9.8
Published 2018-08-06
Updated 2018-10-04
EPSS 7.39%
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Max Base Score
9.8
Published 2018-03-29
Updated 2018-04-27
EPSS 2.56%
4 vulnerabilities found
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!