Russian Vulnerability Scanner Database

Back to List

CVE-2018-7600

Scores

EPSS Score

0.9449

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Sources

debiannvdubuntu

CWEs

CWE-20

Related Vulnerabilities

BDU:2021-00549

Exploits

Exploit ID: 44448

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44448

Exploit ID: 44449

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44449

Exploit ID: 44482

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44482

Exploit ID: CVE-2018-7600

Source: github-poc

URL: https://github.com/user20252228/CVE-2018-7600.

Reference Links

http://www.securityfocus.com/bid/103534
http://www.securitytracker.com/id/1040598
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
https://github.com/a2u/CVE-2018-7600
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
https://greysec.net/showthread.php?tid=2912&pid=10561
https://groups.drupal.org/security/faq-2018-002
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
https://research.checkpoint.com/uncovering-drupalgeddon-2/
https://twitter.com/RicterZ/status/979567469726613504
https://twitter.com/RicterZ/status/984495201354854401
https://twitter.com/arancaytar/status/979090719003627521
https://www.debian.org/security/2018/dsa-4156
https://www.drupal.org/sa-core-2018-002
https://www.exploit-db.com/exploits/44448/
https://www.exploit-db.com/exploits/44449/
https://www.exploit-db.com/exploits/44482/
https://www.synology.com/support/security/Synology_SA_18_17
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
http://www.securityfocus.com/bid/103534
http://www.securitytracker.com/id/1040598
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
https://github.com/a2u/CVE-2018-7600
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
https://greysec.net/showthread.php?tid=2912&pid=10561
https://groups.drupal.org/security/faq-2018-002
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
https://research.checkpoint.com/uncovering-drupalgeddon-2/
https://twitter.com/RicterZ/status/979567469726613504
https://twitter.com/RicterZ/status/984495201354854401
https://twitter.com/arancaytar/status/979090719003627521
https://www.debian.org/security/2018/dsa-4156
https://www.drupal.org/sa-core-2018-002
https://www.exploit-db.com/exploits/44448/
https://www.exploit-db.com/exploits/44449/
https://www.exploit-db.com/exploits/44482/
https://www.synology.com/support/security/Synology_SA_18_17
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
https://www.drupal.org/sa-core-2018-002
https://groups.drupal.org/security/faq-2018-002
https://www.drupal.org/psa-2018-001
https://www.cve.org/CVERecord?id=CVE-2018-7600
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Vulnerable Software

Type: Configuration

Product: drupal7

Operating System: ubuntu artful 17.10

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: drupal7

Operating System: ubuntu trusty 14.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: drupal7

Operating System: ubuntu xenial 16.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: drupal7

Operating System: debian

Trait: 
{
  "fixed": "7.58-1"
}

Source: debian

Type: Configuration

Vendor: debian

Product: debian_linux

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: drupal

Product: drupal

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "7.57",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "8.3.9",
      "versionStartIncluding": "8.0.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "8.4.6",
      "versionStartIncluding": "8.4.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "8.5.1",
      "versionStartIncluding": "8.5.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd