Drupal Unauthenticated Remote Code Execution Vulnerability CVE-2018-7600 (version 19 April 2018)

Abstract: On March 28, 2018, the Drupal project announced that a vulnerability had been discovered in Drupal 7.x and 8.5.x (as well as prior, unsupported versions) that allows an unauthenticated attacker to execute arbitrary commands on Drupal installations. In some situations, Drupal installations not directly connected to the Internet could be vulnerable to exploitation through a Cross-Site Request Forgery (CSRF) attack.

Date Published:

Last Reviewed: 23 April 2018

Version: 19 April 2018

Identifier: IAA U/OO/144343-18

Dissemination Control: N/A

Length: 2 page(s)

Format: pdf

Type: Advisory/Alert; IA Technical Advisory

Tags: Advisory; Vulnerability; Exploitation; Anti-Exploitation; Mitigations