CVE-2018-7600

CWE-20 — Improper Input Validation29 documents18 sources

9.8

CVSS

CRITICAL

EPSS94.5%(100th)

CISA KEVPublic ExploitExploited in WildRansomware Use

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Packagistdrupal/core7.0 — 7.58+4

▶NVDdrupal/drupal8.0.0 — 8.3.9+3

▶Packagistdrupal/drupal7.0 — 7.58+3

▶Ubuntudrupal7< 7.26-1ubuntu0.1+esm1+1

Also affects: Debian Linux 7.0, 8.0, 9.0

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

NVD ↗MITRE ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Drupal Core Remote Code Execution Vulnerability↗2022-05-14

▶

OSV

Drupal Core Remote Code Execution Vulnerability↗2022-05-14

▶

OSV

drupal7 vulnerabilities↗2021-03-15

▶

OSV

CVE-2018-7600: Drupal before 7↗2018-03-29

▶

CVEList

CVE-2018-7600: Drupal before 7↗2018-03-29

▶

💥Exploits & PoCs

Exploit-DB

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)↗2018-04-17

▶

Exploit-DB

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)↗2018-04-13

▶

Exploit-DB

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution↗2018-04-13

▶

Nuclei

Drupal - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS [eSentire] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)↗2018-07-10

▶

Suricata

ET WEB_SPECIFIC_APPS Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)↗2018-04-26

▶

Suricata

ET WEB_SPECIFIC_APPS [PT OPEN] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)↗2018-04-13

▶

📋Vendor Advisories

CISA

Drupal Core Remote Code Execution Vulnerability↗2021-11-03

▶

Ubuntu

Drupal vulnerabilities↗2021-03-15

▶

Drupal

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002↗2018-03-28

▶

Drupal

Drupal 7 and 8 core highly critical release on March 28th, 2018 - PSA-2018-001↗2018-03-21

▶

🕵️Threat Intelligence

Tenable

Drupalgeddon Attacks Continue on Sites Missing Security Updates (CVE-2018-7600, CVE-2018-7602)↗2018-11-20

▶

Unit42

Exploit in the Wild: #drupalgeddon2 - Analysis of CVE-2018-7600↗2018-05-01

▶

Unit42

Exploit in the Wild: #drupalgeddon2 - Analysis of CVE-2018-7600↗2018-05-01

▶

Volexity

Drupalgeddon 2: Profiting from Mass Exploitation↗2018-04-16

▶

Volexity

Drupalgeddon 2: Profiting from Mass Exploitation↗2018-04-16

▶

💬Community

HackerOne

[CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████↗2021-03-24

▶

BugTraq

[SECURITY] [DSA 4156-1] drupal7 security update↗2018-03-28

▶