VDB
CVE-2018-7602
CVE-2018-7602
PUBLISHED
KEV
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
EPSS 94.38% · 100.0th percentile
Risk Scores
EPSS Score
94.38%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | drupal7 | 7.23-1, 7.24-1, 7.24-2 |
| Ubuntu:Pro:16.04:LTS | drupal7 | 0, 7.41-1, * |
Timeline
- Mar 29, 2018 CVE Published
- Apr 25, 2018 PoC Published
- Apr 26, 2018 PoC Published
- Apr 26, 2018 PoC Published
- Apr 26, 2018 PoC Published
- Apr 30, 2018 PoC Published
- Apr 30, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-7602 third-party-advisory
- https://www.drupal.org/psa-2018-003 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-7602 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
- https://ubuntu.com/security/notices/USN-4773-1 vendor-advisory
- Multiples vulnérabilités dans Drupal advisory