CVE-2018-7600
- Source
- https://cve.org/CVERecord?id=CVE-2018-7600
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7600.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7600
- Aliases
- Downstream
- Published
- 2018-03-29T07:29:00.260Z
- Modified
- 2026-03-10T14:43:46.459551Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600
- https://twitter.com/RicterZ/status/984495201354854401
- https://www.debian.org/security/2018/dsa-4156
- http://www.securitytracker.com/id/1040598
- https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
- https://twitter.com/RicterZ/status/979567469726613504
- https://twitter.com/arancaytar/status/979090719003627521
- https://github.com/a2u/CVE-2018-7600
- https://groups.drupal.org/security/faq-2018-002
- https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
- https://www.drupal.org/sa-core-2018-002
- https://www.synology.com/support/security/Synology_SA_18_17
- https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
- http://www.securityfocus.com/bid/103534
- https://greysec.net/showthread.php?tid=2912&pid=10561
- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- https://www.exploit-db.com/exploits/44448/
- https://research.checkpoint.com/uncovering-drupalgeddon-2/
- https://www.exploit-db.com/exploits/44449/
- https://www.exploit-db.com/exploits/44482/
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.57" }, { "introduced": "8.0.0" }, { "fixed": "8.3.9" }, { "introduced": "8.4.0" }, { "fixed": "8.4.6" }, { "introduced": "8.5.0" }, { "fixed": "8.5.1" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "9.0" } ] }