Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
[
{
"product": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
}
]
}
]
www.securityfocus.com/bid/103534
www.securitytracker.com/id/1040598
badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
github.com/a2u/CVE-2018-7600
github.com/g0rx/CVE-2018-7600-Drupal-RCE
greysec.net/showthread.php?tid=2912&pid=10561
groups.drupal.org/security/faq-2018-002
lists.debian.org/debian-lts-announce/2018/03/msg00028.html
research.checkpoint.com/uncovering-drupalgeddon-2/
twitter.com/arancaytar/status/979090719003627521
twitter.com/RicterZ/status/979567469726613504
twitter.com/RicterZ/status/984495201354854401
www.debian.org/security/2018/dsa-4156
www.drupal.org/sa-core-2018-002
www.exploit-db.com/exploits/44448/
www.exploit-db.com/exploits/44449/
www.exploit-db.com/exploits/44482/
www.synology.com/support/security/Synology_SA_18_17
www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know