Drupal is an open source content management platform powering millions of websites and applications. It=EF=BF=BD=EF=BF=BD=EF=BF=BDs built, used, and supported by an active and diverse community of people around the world.

OSVersionArchitecturePackageVersionFilename
Fedora27anydrupal8< 8.4.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Fedora	27	any	drupal8	< 8.4.8	UNKNOWN

openvas 29

fedora 19

nessus 27

thn 5

malwarebytes 1

freebsd 2

impervablog 3

veracode 6

osv 13

cve 7

ubuntucve 4

prion 7

github 1

checkpoint_advisories 3

threatpost 9

exploitpack 5

dsquare 3

ibm 2

zdt 6

debian 6

debiancve 3

f5 2

drupal 1

seebug 3

attackerkb 2

archlinux 2

packetstorm 6

alpinelinux 2

cisa_kev 2

nuclei 2

ubuntu 1

qualysblog 3

hackerone 1

metasploit 1

saint 3

wallarmlab 1

exploitdb 5

githubexploit 1

openvas

Fedora Update for drupal8 FEDORA-2018-8fd924a53d

2018-05-16 00:00:00

Fedora Update for drupal8 FEDORA-2018-7d748596e9

2018-12-04 00:00:00

Fedora Update for drupal8 FEDORA-2019-6a0717dc9a

2019-03-08 00:00:00

fedora

[SECURITY] Fedora 28 Update: drupal8-8.6.2-1.fc28

2018-12-03 01:39:06

[SECURITY] Fedora 28 Update: drupal8-8.6.10-1.fc28

2019-03-07 20:06:44

[SECURITY] Fedora 28 Update: drupal8-8.4.8-1.fc28

2018-05-09 21:27:49

nessus

Fedora 26 : drupal8 (2018-922cc2fbaa) (Drupalgeddon 2)

2018-04-24 00:00:00

Fedora 28 : drupal8 (2018-906ba26b4d) (Drupalgeddon 2)

2019-01-03 00:00:00

Drupal 8.x < 8.4.5 Multiple Vulnerabilities (SA-CORE-2018-001)

2018-03-01 00:00:00

thn

Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

2018-04-26 12:32:00

Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately

2018-04-25 16:41:00

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

2018-06-05 08:06:00

malwarebytes

A look into Drupalgeddon’s client-side attacks

2018-05-18 15:00:00

freebsd

drupal -- Drupal Core - Multiple Vulnerabilities

2018-02-21 00:00:00

drupal -- Drupal Core - Multiple Vulnerabilities

2018-03-13 00:00:00

impervablog

The State of Web Application Vulnerabilities in 2018

2019-01-09 14:00:26

Drupalgeddon 2.0: Are Hackers Slacking Off?

2018-04-13 19:13:25

How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications

2019-02-13 12:52:46

veracode

Remote Code Execution (RCE)

2018-04-26 10:18:46

Access Restriction Bypass

2018-05-31 05:06:29

Unauthorized Access

2018-05-31 04:23:58

osv

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

2022-05-14 00:56:02

CVE-2018-9861

2018-04-19 17:29:00

drupal7 vulnerabilities

2021-03-15 20:17:24

cve

CVE-2018-9861

2018-04-19 17:29:00

CVE-2017-6930

2018-03-01 23:29:00

CVE-2018-7602

2018-07-19 17:29:00

ubuntucve

CVE-2018-9861

2018-04-19 00:00:00

CVE-2018-7602

2018-07-19 00:00:00

CVE-2017-6927

2018-03-01 00:00:00

prion

Cross site scripting

2018-04-19 17:29:00

Design/Logic Flaw

2018-03-01 23:29:00

Remote code execution

2018-07-19 17:29:00

github

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

2022-05-14 00:56:02

checkpoint_advisories

Drupal Core Remote Code Execution (CVE-2018-7602)

2018-04-26 00:00:00

Drupal Core Form Rendering Remote Code Execution (CVE-2018-7600)

2020-11-05 00:00:00

Drupal Core Remote Code Execution (CVE-2018-7600)

2018-03-29 00:00:00

threatpost

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

2018-04-24 18:34:37

Drupal Issues Highly Critical Patch: Over 1M Sites Vulnerable

2018-03-29 15:58:28

Drupalgeddon 2.0 Still Haunting 115K+ Sites

2018-06-05 18:24:29

exploitpack

Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)

2018-04-25 00:00:00

Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)

2018-04-30 00:00:00

Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (PoC)

2018-04-13 00:00:00

dsquare

Drupal 7 SA-CORE-2018-004 RCE

2018-05-08 00:00:00

Drupal 7 SA-CORE-2018-002 RCE

2018-05-08 00:00:00

Drupal 8 SA-CORE-2018-002 RCE

2018-05-08 00:00:00

ibm

Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602)

2018-06-15 07:09:14

Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)

2018-06-15 07:09:07

zdt

Drupal < 7.58 - drupalgeddon3 Authenticated Remote Code Execution (PoC) Exploit

2018-04-26 00:00:00

Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit

2018-05-01 00:00:00

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - Drupalgeddon2 Remote Code Execution Exploit

2018-04-18 00:00:00

debian

[SECURITY] [DLA 1365-1] drupal7 security update

2018-04-26 09:28:04

[SECURITY] [DSA 4180-1] drupal7 security update

2018-04-25 20:13:52

[SECURITY] [DSA 4180-1] drupal7 security update

2018-04-25 20:13:52

debiancve

CVE-2018-7602

2018-07-19 17:29:00

CVE-2018-7600

2018-03-29 07:29:00

CVE-2017-6927

2018-03-01 23:29:00

K59591931 : Drupal vulnerability CVE-2018-7602

2018-04-30 00:00:00

K22854260 : Drupal vulnerability CVE-2018-7600

2018-03-29 00:00:00

drupal

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

2018-04-25 00:00:00

seebug

Drupal core Remote Code Execution(CVE-2018-7602)

2018-04-26 00:00:00

Drupal 8 – CVE-2017-6926漏洞详解

2018-04-03 00:00:00

Drupal core Remote Code Execution(CVE-2018-7600) (Drupalgeddon2)

2018-03-30 00:00:00

attackerkb

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

2018-07-19 00:00:00

Drupalgeddon 2

2018-03-29 00:00:00

archlinux

[ASA-201804-10] drupal: arbitrary command execution

2018-04-27 00:00:00

[ASA-201804-1] drupal: arbitrary code execution

2018-04-01 00:00:00

packetstorm

Drupal drupgeddon3 Remote Code Execution

2018-04-26 00:00:00

Drupalgeddon3 Remote Code Execution

2018-04-30 00:00:00

Drupalgeddon2 Drupal Remote Code Execution

2018-04-17 00:00:00

alpinelinux

CVE-2018-7602

2018-07-19 17:29:00

CVE-2018-7600

2018-03-29 07:29:00

cisa_kev

Drupal Core Remote Code Execution Vulnerability

2022-04-13 00:00:00

Drupal Core Remote Code Execution Vulnerability

2021-11-03 00:00:00

nuclei

Drupal - Remote Code Execution

2022-02-04 19:09:58

Drupal - Remote Code Execution

2021-02-15 13:33:33

ubuntu

Drupal vulnerabilities

2021-03-15 00:00:00

qualysblog

Staying Safe in the Era of Browser-based Cryptocurrency Mining

2018-07-25 17:00:02

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing

2018-04-02 18:02:51

hackerone

U.S. Dept Of Defense: [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████

2020-12-21 07:51:14

metasploit

Drupal Drupalgeddon 2 Forms API Property Injection

2018-04-18 00:05:45

saint

Drupal Form API command execution

2018-04-25 00:00:00

Drupal Form API command execution

2018-04-25 00:00:00

Drupal Form API command execution

2018-04-25 00:00:00

wallarmlab

Drupalgeddon Two.

2018-04-20 19:31:22

exploitdb

Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)

2018-04-25 00:00:00

Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)

2018-04-30 00:00:00

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

2018-04-13 00:00:00

githubexploit

Exploit for Improper Input Validation in Drupal

2020-08-31 22:55:18

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for FEDORA:17401605E206