CVE-2018-7602: Drupal Core Remote Code Execution Vulnerability
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to SA-CORE-2018-002 ("Drupal core - Highly critical - Remote Code Execution"). Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7602.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7602.yaml
- github.com/advisories/GHSA-297x-j9pm-xjgg
- github.com/drupal/core
- lists.debian.org/debian-lts-announce/2018/04/msg00030.html
- nvd.nist.gov/vuln/detail/CVE-2018-7602
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7602
- www.debian.org/security/2018/dsa-4180
- www.drupal.org/sa-core-2018-004
- www.exploit-db.com/exploits/44542
- www.exploit-db.com/exploits/44557