0.976 High
EPSS
Percentile
100.0%
drupal/core is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization applied to URL endpoints where array objects can be supplied to request parameters, allowing a potential compromise of the PHP application, and even the underlying operating system (OS).
CPE | Name | Operator | Version |
---|---|---|---|
drupal/core | le | 8.5.0 | |
drupal/core | le | 8.4.5 | |
drupal/core | le | 8.3.8 |
0.976 High
EPSS
Percentile
100.0%