|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-05-25 | |
| Rule Name: | Drupal Core PHP Deserialization Remote Code Execution Vulnerability (CVE-2018-7600) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux | |
| Reference: | SecurityFocusBID:103534 ExploitDB:44448 ExploitDB:44482 SecurityTrackerID:1040598 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.drupal.org/sa-core-2018-002 |