Description
Drupal Core Remote Code Execution Vulnerability
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
- https://www.synology.com/support/security/Synology_SA_18_17
- https://www.exploit-db.com/exploits/44482
- https://www.exploit-db.com/exploits/44449
- https://www.exploit-db.com/exploits/44448
- https://www.drupal.org/sa-core-2018-002
- https://www.debian.org/security/2018/dsa-4156
- https://twitter.com/arancaytar/status/979090719003627521
- https://twitter.com/RicterZ/status/984495201354854401
- https://twitter.com/RicterZ/status/979567469726613504
- https://research.checkpoint.com/uncovering-drupalgeddon-2
- https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html
- https://groups.drupal.org/security/faq-2018-002
- https://greysec.net/showthread.php?tid=2912&pid=10561
- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- https://github.com/a2u/CVE-2018-7600
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-7600.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-7600.yaml
- https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600
- http://www.securityfocus.com/bid/103534
- http://www.securitytracker.com/id/1040598
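Packages
- drupal/core: affected >= 7.0, < 7.58; fixed in 7.58
- drupal/core: affected >= 8.0, < 8.3.9; fixed in 8.3.9
- drupal/core: affected >= 8.4.0, < 8.4.6; fixed in 8.4.6
- drupal/core: affected >= 8.5.0, < 8.5.1; fixed in 8.5.1
- drupal/drupal: affected >= 7.0, < 7.58; fixed in 7.58
- drupal/drupal: affected >= 8.0, < 8.3.9; fixed in 8.3.9
- drupal/drupal: affected >= 8.4, < 8.4.6; fixed in 8.4.6
- drupal/drupal: affected >= 8.5, < 8.5.1; fixed in 8.5.1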
Related vulnerabilities
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x be ...
A vulnerability in the core of the Drupal CMS that allows an attacker to execute arbitrary code and take control of the site