Back to KEVs

CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 01, 2018
Published Date: March 29, 2018
Last Updated: February 07, 2025
Vendor: n/a
Product: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
Description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2021-10-27 03:09:48 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://github.com/g0rx/CVE-2018-7600-Drupal-RCE http://www.securitytracker.com/id/1040598 https://twitter.com/arancaytar/status/979090719003627521 https://twitter.com/RicterZ/status/979567469726613504 https://www.drupal.org/sa-core-2018-002 https://www.synology.com/support/security/Synology_SA_18_17 https://github.com/a2u/CVE-2018-7600 https://www.exploit-db.com/exploits/44482/ https://research.checkpoint.com/uncovering-drupalgeddon-2/ https://groups.drupal.org/security/faq-2018-002 https://www.debian.org/security/2018/dsa-4156 https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html https://www.exploit-db.com/exploits/44448/ http://www.securityfocus.com/bid/103534 https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/ https://greysec.net/showthread.php?tid=2912&pid=10561 https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714 https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know https://twitter.com/RicterZ/status/984495201354854401 https://www.exploit-db.com/exploits/44449/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb	2025-04-29 11:01:27 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7600.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

drupal_drupalgeddon2

Type: metasploit • Created: Unknown

Metasploit module for CVE-2018-7600

user20252228/CVE-2018-7600.

Type: github • Created: 2025-03-19 05:28:51 UTC • Stars: 0

CVE-2018-7600.

raytran54/CVE-2018-7600

Type: github • Created: 2024-06-12 06:40:17 UTC • Stars: 0

killeveee/CVE-2018-7600

Type: github • Created: 2024-02-01 05:30:19 UTC • Stars: 1

CVE-2018-7600 漏洞验证和利用

r0lh/CVE-2018-7600

Type: github • Created: 2022-12-17 11:11:47 UTC • Stars: 0

Drupal CVE-2018-7600 RCE Pseudo-Shell PoC

anldori/CVE-2018-7600

Type: github • Created: 2022-04-25 08:46:00 UTC • Stars: 0

vphnguyen/ANM_CVE-2018-7600

Type: github • Created: 2021-11-26 03:25:50 UTC • Stars: 0

Detect with python and tracking IP

rafaelcaria/drupalgeddon2-CVE-2018-7600

Type: github • Created: 2021-10-27 03:09:48 UTC • Stars: 0

0xAJ2K/CVE-2018-7600

Type: github • Created: 2021-06-05 09:49:56 UTC • Stars: 1

Drupal 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.