⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-05-04.

CVE-2018-7602: Code Injection in Drupal Core

CWE-94 Code Injection | 25 documents | 14 sources
Severity: 9.8 CRITICAL (NVD) | OSV 3.5
EPSS: 94.4% (top 0.03%)
CISA KEV: KEV, Ransomware | Added 2022-04-13 | Due 2022-05-04
Exploit: Exploited in wild | Active exploitation observed
Timeline: Published Jul 19 | KEV added Apr 13 | KEV due May 4 | Latest update Apr 23

Description

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | drupal/core | unspecified | 7.59 | +2
Packagist | drupal/core | 8.0.0 | 8.4.8 | +4
NVD | drupal/drupal | 7.0 | 7.59 | +2
Packagist | drupal/drupal | 7.0 | 7.59 | +2

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

🔴 Vulnerability Details (7)

OSV | Drupal Core Remote Code Execution Vulnerability | 2024-04-23
GHSA | Drupal Core Remote Code Execution Vulnerability | 2024-04-23
OSV | drupal7 vulnerabilities | 2021-03-15
OSV | CVE-2018-7602: A remote code execution vulnerability exists within multiple subsystems of Drupal 7 | 2018-07-19
CVEList | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | 2018-07-19

💥 Exploits & PoCs (3)

Exploit-DB | Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) | 2018-04-30
Exploit-DB | Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC) | 2018-04-25
Nuclei | Drupal - Remote Code Execution

🔍 Detection Rules (1)

Suricata | ET WEB_SPECIFIC_APPS Drupal RCE (CVE-2018-7602) | 2018-04-26

📋 Vendor Advisories (4)

CISA | Drupal Core Remote Code Execution Vulnerability | 2022-04-13
Ubuntu | Drupal vulnerabilities | 2021-03-15
Drupal | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | 2018-04-25
Drupal | Drupal 7 and 8 core critical release on April 25th, 2018 - PSA-2018-003 | 2018-04-23

🕵️ Threat Intelligence (4)

Tenable | Drupalgeddon Attacks Continue on Sites Missing Security Updates (CVE-2018-7600, CVE-2018-7602) | 2018-11-20
Trendmicro | Drupal Bug Exploited to Deliver Monero-Mining Malware | 2018-06-21
Trendmicro | Drupal Bug Exploited to Deliver Monero-Mining Malware | 2018-06-21
Trendmicro | Drupal Bug Exploited to Deliver Monero-Mining Malware | 2018-06-21

💬 Community (4)

Bugzilla | CVE-2018-7602 drupal7: drupal: Remote code execution vulnerability SA-CORE-2018-004 [fedora-all] | 2018-04-26
Bugzilla | CVE-2018-7602 drupal8: drupal: Remote code execution vulnerability SA-CORE-2018-004 [fedora-all] | 2018-04-26
Bugzilla | CVE-2018-7602 drupal: Remote code execution vulnerability SA-CORE-2018-004 | 2018-04-26
Bugzilla | CVE-2018-7602 drupal7: drupal: Remote code execution vulnerability SA-CORE-2018-004 [epel-all] | 2018-04-26