Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Remediation

References

CVE-2018-7600

Related Vulnerabilities

MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

ownCloud Other Vulnerability (CVE-2012-5609)

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.3.11)

WordPress Plugin Gift Certificate Creator Cross-Site Scripting (1.0.0)

Severity

Critical

Classification

CVE-2018-7600 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities