Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Remediation

References

CVE-2018-7600

Related Vulnerabilities

WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)

WordPress Plugin Rimons Twitter Widget Cross-Site Scripting (1.2.4)

Oracle Application Server Other Vulnerability (CVE-2004-1369)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-11993)

MySQL CVE-2019-2796 Vulnerability (CVE-2019-2796)

Severity

Critical

Classification

CVE-2018-7600 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities