Back to search
CVE-2018-7600
Published: Mar 29, 2018
Modified: Oct 21, 2025
PUBLISHED
Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
| Vendor | Product | Versions |
|---|---|---|
n/a | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 | affected Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 |
References
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
x_refsource_MISC
1040598
vdb-entry
x_refsource_SECTRACK
https://twitter.com/arancaytar/status/979090719003627521
x_refsource_MISC
https://twitter.com/RicterZ/status/979567469726613504
x_refsource_MISC
https://www.drupal.org/sa-core-2018-002
x_refsource_CONFIRM
https://www.synology.com/support/security/Synology_SA_18_17
x_refsource_CONFIRM
https://github.com/a2u/CVE-2018-7600
x_refsource_MISC
44482
exploit
x_refsource_EXPLOIT-DB
https://research.checkpoint.com/uncovering-drupalgeddon-2/
x_refsource_MISC
https://groups.drupal.org/security/faq-2018-002
x_refsource_CONFIRM
DSA-4156
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update
mailing-list
x_refsource_MLIST
44448
exploit
x_refsource_EXPLOIT-DB
103534
vdb-entry
x_refsource_BID
https://greysec.net/showthread.php?tid=2912&pid=10561
x_refsource_MISC
https://twitter.com/RicterZ/status/984495201354854401
x_refsource_MISC
44449
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now