CVE-2018-7600: Drupal Core Remote Code Execution Vulnerability
First published: Tue Mar 27 2018(Updated: )
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Credit: mlhess@drupal.org mlhess@drupal.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/drupal/core | >=7.0<7.58>=8.0<8.3.9>=8.4<8.4.6>=8.5<8.5.1 | |
| composer/drupal/drupal | >=7.0<7.58>=8.0<8.3.9>=8.4<8.4.6>=8.5<8.5.1 | |
| debian/drupal7 | ||
| debian/drupal7 | <=7.32-1<=7.57-1 | 7.58-1 7.52-2+deb9u3 7.32-1+deb8u11 |
| Drupal Drupal | <=7.57 | |
| Drupal Drupal | >=8.0.0<8.3.9 | |
| Drupal Drupal | >=8.4.0<8.4.6 | |
| Drupal Drupal | >=8.5.0<8.5.1 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| composer/drupal/drupal | >=8.5<8.5.1 | 8.5.1 |
| composer/drupal/drupal | >=8.4<8.4.6 | 8.4.6 |
| composer/drupal/drupal | >=8.0<8.3.9 | 8.3.9 |
| composer/drupal/drupal | >=7.0<7.58 | 7.58 |
| composer/drupal/core | >=8.5.0<8.5.1 | 8.5.1 |
| composer/drupal/core | >=8.4.0<8.4.6 | 8.4.6 |
| composer/drupal/core | >=8.0<8.3.9 | 8.3.9 |
| composer/drupal/core | >=7.0<7.58 | 7.58 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
- https://www.drupal.org/psa-2018-001
- https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
- https://security-tracker.debian.org/tracker/CVE-2018-7600
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894259
- http://www.securityfocus.com/bid/103534
- http://www.securitytracker.com/id/1040598
- https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
- https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- https://github.com/a2u/CVE-2018-7600
- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- https://greysec.net/showthread.php?tid=2912&pid=10561
- https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
- https://research.checkpoint.com/uncovering-drupalgeddon-2/
- https://twitter.com/RicterZ/status/979567469726613504
- https://twitter.com/RicterZ/status/984495201354854401
- https://twitter.com/arancaytar/status/979090719003627521
- https://www.debian.org/security/2018/dsa-4156
- https://www.exploit-db.com/exploits/44448/
- https://www.exploit-db.com/exploits/44449/
- https://www.exploit-db.com/exploits/44482/
- https://www.synology.com/support/security/Synology_SA_18_17
- https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.exploit-db.com/exploits/44482
- https://www.exploit-db.com/exploits/44449
- https://www.exploit-db.com/exploits/44448
- https://research.checkpoint.com/uncovering-drupalgeddon-2
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml
- https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600
- https://github.com/advisories/GHSA-7fh9-933g-885p (Advisory)
Frequently Asked Questions
What is CVE-2018-7600?
CVE-2018-7600 is a vulnerability in Drupal Core that allows remote attackers to execute arbitrary code.
Which versions of Drupal are affected by CVE-2018-7600?
Drupal versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 are affected by CVE-2018-7600.
How severe is CVE-2018-7600?
CVE-2018-7600 has a severity rating of 9.8 out of 10.
How can I fix CVE-2018-7600?
To fix CVE-2018-7600, update Drupal Core to version 7.58, 8.3.9, 8.4.6, or 8.5.1.
Where can I find more information about CVE-2018-7600?
You can find more information about CVE-2018-7600 at the following references: [link 1](https://www.drupal.org/sa-core-2018-002), [link 2](http://www.securityfocus.com/bid/103534), [link 3](http://www.securitytracker.com/id/1040598).
- collector/friends-of-php
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2018-7600
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/title
- agent/remedy
- agent/weakness
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7fh9-933g-885p
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/last-modified-date
- agent/event
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- package-manager/composer
- package-manager/debian
- vendor/drupal
- canonical/drupal drupal
- version/drupal drupal/7.57
- version/drupal drupal/8.0.0
- version/drupal drupal/8.4.0
- version/drupal drupal/8.5.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- version/debian debian linux/9.0