PT-2018-18169 · Drupal+1 · Drupal+1

Blaklis

Published

2018-04-25

Updated

2025-08-27

CVE-2018-7602

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Drupal versions 7.x through 8.x

Description A remote code execution issue exists within multiple subsystems of Drupal. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. The issue is related to Drupal core and is being exploited in the wild.

Recommendations For versions 7.x and 8.x, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2026-04575

CVE-2018-7602

DLA-1365-1

DRUPAL-CORE-2018-004

DSA-4180-1

GHSA-297X-J9PM-XJGG

USN-4773-1

Affected Products

Drupal

Ubuntu

PT-2018-18169 · Drupal+1 · Drupal+1

CVE-2018-7602

Weakness Enumeration

Related Identifiers

Affected Products

References · 32