VDB
CVE-2018-7600
CVE-2018-7600
PUBLISHED
KEV
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
EPSS 94.49% · 100.0th percentile
Risk Scores
EPSS Score
94.49%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | drupal7 | 7.38-1, 7.41-1, 0 |
| Ubuntu:Pro:14.04:LTS | drupal7 | 7.26-1, 0, 7.26-1ubuntu0.1 |
Timeline
- CVE Published
- Apr 13, 2018 PoC Published
- Apr 13, 2018 PoC Published
- Apr 17, 2018 PoC Published
- Apr 18, 2018 PoC Published
- Apr 26, 2018 PoC Published
- Apr 26, 2018 PoC Published
- Jul 10, 2018 PoC Published
- Mar 2, 2019 PoC Published
- Mar 24, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-7600 third-party-advisory
- https://www.drupal.org/sa-core-2018-002 third-party-advisory
- https://groups.drupal.org/security/faq-2018-002 third-party-advisory
- https://www.drupal.org/psa-2018-001 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-7600 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
- https://ubuntu.com/security/notices/USN-4773-1 vendor-advisory
- Multiples vulnérabilités dans Drupal advisory