A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/103985 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1040754 | Third Party Advisory VDB Entry |
| https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html | Mailing List Third Party Advisory |
| https://www.debian.org/security/2018/dsa-4180 | Third Party Advisory |
| https://www.drupal.org/sa-core-2018-004 | Patch Vendor Advisory |
| https://www.exploit-db.com/exploits/44542/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/44557/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Apr 2021, 12:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html - Mailing List, Third Party Advisory |
Information
Published : 2018-07-19 17:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-7602
Mitre link : CVE-2018-7602
CVE.ORG link : CVE-2018-7602
JSON object : View
Products Affected
drupal
- drupal
debian
- debian_linux
CWE