Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Remediation

References

CVE-2018-7600

Related Vulnerabilities

WordPress Plugin Shopello API Cross-Site Scripting (2.9.0)

WordPress Plugin MapSVG Lite Cross-Site Request Forgery (4.2.4)

Joomla! Core 3.9.x Cross-Site Request Forgery (3.9.0 - 3.9.19)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)

MySQL CVE-2018-3162 Vulnerability (CVE-2018-3162)

Severity

Critical

Classification

CVE-2018-7600 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities