Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Remediation
References
Related Vulnerabilities
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)
MySQL CVE-2021-2022 Vulnerability (CVE-2021-2022)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-3294)
WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)
XWiki Insufficiently Protected Credentials Vulnerability (CVE-2022-41933)