Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digital River Global Commerce Supply Chain Attack [Polyfill.io] (2.0.2)
WordPress Plugin Google Calendar Events Cross-Site Scripting (2.0.3.1)
Joomla! Core 2.5.x Denial of Service (2.5.0 - 2.5.9)
MediaWiki Use of Hard-coded Credentials Vulnerability (CVE-2012-4381)
WordPress Plugin Meow Gallery (+ Gallery Block) Security Bypass (4.1.9)