Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Remediation

References

CVE-2018-7600

Related Vulnerabilities

Oracle Application Server CVE-2008-0343 Vulnerability (CVE-2008-0343)

Jenkins Improper Input Validation Vulnerability (CVE-2018-1999001)

PHP unspecified remote arbitrary file upload vulnerability

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

WordPress Plugin Share, Print and PDF Products for WooCommerce Security Bypass (2.7.2)

Severity

Critical

Classification

CVE-2018-7600 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities