Back to search
CVE-2018-7602
Published: Jul 19, 2018
Modified: Dec 17, 2025
PUBLISHED
Description
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
| Vendor | Product | Versions |
|---|---|---|
Drupal | core | affected unspecified - < 7.59affected unspecified - < 8.5.3affected unspecified - < 8.4.8 |
References
44557
exploit
x_refsource_EXPLOIT-DB
1040754
vdb-entry
x_refsource_SECTRACK
[debian-lts-announce] 20180426 [SECURITY] [DLA 1365-1] drupal7 security update
mailing-list
x_refsource_MLIST
44542
exploit
x_refsource_EXPLOIT-DB
DSA-4180
vendor-advisory
x_refsource_DEBIAN
https://www.drupal.org/sa-core-2018-004
x_refsource_CONFIRM
103985
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now