CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Score | Metric | Value |
---|---|---|
AI Score | Confidence | High |
EPSS | Percentile | 100.0% |

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Vendor | Product | Version | CPE |
---|---|---|---|
drupal | drupal | * | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
www.securityfocus.com/bid/103534
www.securitytracker.com/id/1040598
badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
github.com/a2u/CVE-2018-7600
github.com/g0rx/CVE-2018-7600-Drupal-RCE
greysec.net/showthread.php?tid=2912&pid=10561
groups.drupal.org/security/faq-2018-002
lists.debian.org/debian-lts-announce/2018/03/msg00028.html
research.checkpoint.com/uncovering-drupalgeddon-2/
twitter.com/arancaytar/status/979090719003627521
twitter.com/RicterZ/status/979567469726613504
twitter.com/RicterZ/status/984495201354854401
www.debian.org/security/2018/dsa-4156
www.drupal.org/sa-core-2018-002
www.exploit-db.com/exploits/44448/
www.exploit-db.com/exploits/44449/
www.exploit-db.com/exploits/44482/
www.synology.com/support/security/Synology_SA_18_17
www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know