CVE-2018-7602
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
Basic Information
- CVE State: PUBLISHED
- Reserved Date: March 01, 2018
- Published Date: July 19, 2018
- Last Updated: February 07, 2025
- Vendor: Drupal
- Product: core
- Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
References
https://www.exploit-db.com/exploits/44557/
http://www.securitytracker.com/id/1040754
https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html
https://www.exploit-db.com/exploits/44542/
https://www.debian.org/security/2018/dsa-4180
https://www.drupal.org/sa-core-2018-004
http://www.securityfocus.com/bid/103985
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2022-04-13 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7602.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
132231g/CVE-2018-7602
Type: github • Created: 2024-02-18 08:51:09 UTC • Stars: 0
cyberharsh/DrupalCVE-2018-7602
Type: github • Created: 2020-06-25 12:06:07 UTC • Stars: 1
kastellanos/CVE-2018-7602
Type: github • Created: 2018-10-29 12:08:53 UTC • Stars: 1
happynote3966/CVE-2018-7602
Type: github • Created: 2018-07-12 05:08:14 UTC • Stars: 0