Lucene search

K
nessusTenable700230.PRM
HistoryMar 29, 2018 - 12:00 a.m.

Drupal 8.5.x < 8.5.1 RCE

2018-03-2900:00:00
Tenable
www.tenable.com
12

The version of Drupal installed on the remote server is 8.5.x prior to 8.5.1, and is affected by a flaw in the β€˜preHandle()’ function in β€˜core/lib/Drupal/Core/DrupalKernel.php’ that is triggered as certain parameter keys within HTTP requests are not properly sanitized. This may allow a remote attacker to execute arbitrary code. This issue may be exploited using multiple unspecified attack vectors.

Binary data 700230.prm
VendorProductVersion
drupaldrupal