Vulnerability CVE-2018-7600


Published: 2018-03-29

Description:
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

See advisories in our WLB2 database:
Topic
Author
Date
High
Drupal 0day Remote PHP Code Execution (Python)
Vitalii Rudnykh
13.04.2018
High
Drupal 0day Remote PHP Code Execution (curl)
i_bo0om
13.04.2018
High
Drupal Drupalgeddon2 Remote Code Execution (Ruby)
Hans Topo
13.04.2018
High
Drupal 0day Remote PHP Code Execution (Perl)
GIST
14.04.2018

Type:

CWE-20

(Improper Input Validation)

Vendor: Debian
Product: Debian linux 
Version:
9.0
8.0
7.0
Vendor: Drupal
Product: Drupal 
Version:
8.3.0
8.2.7
8.2.6
8.2.5
8.2.4
8.2.3
8.2.2
8.2.1
8.2.0
8.1.9
8.1.8
8.1.7
8.1.6
8.1.5
8.1.4
8.1.3
8.1.2
8.1.10
8.1.1
8.1.0
8.0.6
8.0.5
8.0.4
8.0.3
8.0.2
8.0.1
8.0.0
7.57

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/103534
http://www.securitytracker.com/id/1040598
https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
https://github.com/a2u/CVE-2018-7600
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
https://greysec.net/showthread.php?tid=2912&pid=10561
https://groups.drupal.org/security/faq-2018-002
https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
https://research.checkpoint.com/uncovering-drupalgeddon-2/
https://twitter.com/arancaytar/status/979090719003627521
https://twitter.com/RicterZ/status/979567469726613504
https://twitter.com/RicterZ/status/984495201354854401
https://www.debian.org/security/2018/dsa-4156
https://www.drupal.org/sa-core-2018-002
https://www.exploit-db.com/exploits/44448/
https://www.exploit-db.com/exploits/44449/
https://www.exploit-db.com/exploits/44482/
https://www.synology.com/support/security/Synology_SA_18_17
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

Related CVE
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to...
CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
CVE-2014-5170
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
CVE-2017-6932
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick ...
CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability wa...
CVE-2017-6928
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is...
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through T...

Copyright 2018, cxsecurity.com

 

Back to Top