Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2018-7602
PUBLISHEDDrupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
- Vendor
- Drupal
- Product
- core
- Published
- Jul 19, 2018
- EPSS
- —
Description
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:P/I:P/A:P
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://www.exploit-db.com/exploits/44557/
- http://www.securitytracker.com/id/1040754
- https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html
- https://www.exploit-db.com/exploits/44542/
- https://www.debian.org/security/2018/dsa-4180
- https://www.drupal.org/sa-core-2018-004
- http://www.securityfocus.com/bid/103985
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 13, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7602.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-02-18 08:51:09 UTC · 0 stars
github · Created 2020-06-25 12:06:07 UTC · 1 stars
github · Created 2018-10-29 12:08:53 UTC · 1 stars
github · Created 2018-07-12 05:08:14 UTC · 0 stars
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Nuclei