CVE-2018-7600
CRITICAL 9.8 | KEV | EPSS 94.5% | drupal7 - security update
Published: 2018/3/28 | Modified: 2026/3/9 | Added to CISA KEV: 2021/11/3
Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Affected packages (5)
- Debian/drupal7: from 0, < 7.14-2+deb7u18
- Debian/drupal7: from 0, < 7.32-1+deb8u11
- Packagist/drupal/core: >= 8.0.0, < 8.3.9 | >= 8.4.0, < 8.4.6 | >= 8.5.0, < 8.5.1
- Packagist/drupal/core: >= 7.0, < 7.58
- Packagist/drupal/drupal: >= 7.0, < 7.58
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
References (25)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- PATCH: https://github.com/drupal/core
- WEB: https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600
- WEB: https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- WEB: https://github.com/a2u/CVE-2018-7600
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml
- WEB: https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- WEB: https://greysec.net/showthread.php?tid=2912&pid=10561
- WEB: https://groups.drupal.org/security/faq-2018-002
- WEB: https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
- WEB: https://research.checkpoint.com/uncovering-drupalgeddon-2
- WEB: https://twitter.com/arancaytar/status/979090719003627521
- WEB: https://twitter.com/RicterZ/status/979567469726613504
- WEB: https://twitter.com/RicterZ/status/984495201354854401
- WEB: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600
- WEB: https://www.debian.org/security/2018/dsa-4156
- WEB: https://www.drupal.org/sa-core-2018-002
- WEB: https://www.exploit-db.com/exploits/44448
- WEB: https://www.exploit-db.com/exploits/44449
- WEB: https://www.exploit-db.com/exploits/44482
- WEB: https://www.synology.com/support/security/Synology_SA_18_17
- WEB: https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
- WEB: http://www.securityfocus.com/bid/103534
- WEB: http://www.securitytracker.com/id/1040598