CVE-2018-7600
CRITICAL 9.8 | KEV | EPSS 94.5%
Drupal Core Remote Code Execution Vulnerability
Published: 3/28/2018 | Modified: 12/10/2025 | Added to CISA KEV: 11/3/2021
Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Affected packages (5)
- Debian/drupal7: from 0, < 7.14-2+deb7u18
- Debian/drupal7: from 0, < 7.32-1+deb8u11
- Packagist/drupal/core: >= 8.0.0, < 8.3.9 | >= 8.4.0, < 8.4.6 | >= 8.5.0, < 8.5.1
- Packagist/drupal/core: >= 7.0, < 7.58
- Packagist/drupal/drupal: >= 7.0, < 7.58
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
References (25)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- PATCH: https://github.com/drupal/core
- WEB: https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600
- WEB: https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- WEB: https://github.com/a2u/CVE-2018-7600
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml
- WEB: https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- WEB: https://greysec.net/showthread.php?tid=2912&pid=10561
- WEB: https://groups.drupal.org/security/faq-2018-002
- WEB: https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
- WEB: https://research.checkpoint.com/uncovering-drupalgeddon-2
- WEB: https://twitter.com/arancaytar/status/979090719003627521
- WEB: https://twitter.com/RicterZ/status/979567469726613504
- WEB: https://twitter.com/RicterZ/status/984495201354854401
- WEB: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600
- WEB: https://www.debian.org/security/2018/dsa-4156
- WEB: https://www.drupal.org/sa-core-2018-002
- WEB: https://www.exploit-db.com/exploits/44448
- WEB: https://www.exploit-db.com/exploits/44449
- WEB: https://www.exploit-db.com/exploits/44482
- WEB: https://www.synology.com/support/security/Synology_SA_18_17
- WEB: https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
- WEB: http://www.securityfocus.com/bid/103534
- WEB: http://www.securitytracker.com/id/1040598