CVE-2018-7602 in Drupal and Debian Products
Published on July 19, 2018
Known Exploited Vulnerability
This Drupal Core Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
The following remediation steps are recommended / required by May 4, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2018-7602 is exploitable with network access and requires neither privileges nor user interaction. It is considered to have a low attack complexity and has the highest possible exploitability rating (3.9). The potential impact of an exploit is considered critical, as the vulnerability has a high impact on the confidentiality, integrity and availability of the affected component.
Products Associated with CVE-2018-7602
What versions are vulnerable to CVE-2018-7602?
- Drupal Version 7.0 (fixed in Version 7.59)
- Drupal Version 8.4.0 (fixed in Version 8.4.8)
- Drupal Version 8.5.0 (fixed in Version 8.5.3)
- Debian Linux Version 7.0
- Debian Linux Version 8.0
- Debian Linux Version 9.0