| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. |
|
| References |
| + |
https://www.drupal.org/sa-core-2018-002 |
| + |
https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know |
| + |
https://github.com/drupal/drupal/commit/5ac8738fa69df34a0635f0907d661b509ff9a28f |
|
| Notes |
|