PT-2018-3600 · Drupal +1

G0Tmi1K +1 · Published 2018-03-28 · Updated 2025-08-28 · CVE-2018-7600

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Drupal versions prior to 7.58

Drupal versions 8.x prior to 8.3.9

Drupal versions 8.4.x prior to 8.4.6

Drupal versions 8.5.x prior to 8.5.1

Description:

Insufficient input validation in the Drupal CMS allows a remote attacker to execute arbitrary code, and potentially take control of a site, using a specially crafted HTTP request. The problem affects multiple subsystems with default or common module configurations.

Recommendations:

For Drupal versions prior to 7.58, update to version 7.58 or later.

For Drupal versions 8.x prior to 8.3.9, update to version 8.3.9 or later.

For Drupal versions 8.4.x prior to 8.4.6, update to version 8.4.6 or later.

For Drupal versions 8.5.x prior to 8.5.1, update to version 8.5.1 or later.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2021-00549
CVE-2018-7600
DLA-1325-1
DSA-4156-1
GHSA-7FH9-933G-885P
USN-4773-1

Affected Products

Drupal
Ubuntu