Description
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce-GloBee Payment Gateway Security Bypass (1.1.1)
Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-39204)
WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7947)
WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13)