All vulnerabilities
CVE-2018-7600 Known ransomware use
Drupal Core Remote Code Execution Vulnerability
Drupal — Drupal Core
- Added to KEV catalog
- 3 November 2021
- Federal remediation due date
- 3 May 2022
- Weakness classification (CWE)
- CWE-20
CISA Description
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-7600
More Drupal Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services