It was discovered that Drupal did not properly process certain input. An
attacker could use this vulnerability to execute arbitrary code or
completely compromise a Drupal site. (CVE-2018-7600, CVE-2018-7602)

It was discovered that password reset URLs in Drupal could be forged. An
attacker could use this vulnerability to gain access to another user’s
account. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2559)

It was discovered that Drupal did not properly protect against open
redirects. An attacker could use this vulnerability to send unsuspecting
users to 3rd party sites and potentially carry out phishing attacks.
This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2749, CVE-2015-2750)

References

ubuntu.com/security/CVE-2015-2559

ubuntu.com/security/CVE-2015-2749

ubuntu.com/security/CVE-2015-2750

ubuntu.com/security/CVE-2018-7600

ubuntu.com/security/CVE-2018-7602

ubuntu.com/security/notices/USN-4773-1

ubuntu 1

openvas 29

nessus 20

mageia 1

drupal 2

thn 6

malwarebytes 1

impervablog 3

veracode 2

prion 5

securityvulns 3

ubuntucve 5

debian 7

archlinux 3

cve 5

debiancve 5

f5 2

fedora 16

seebug 2

osv 8

attackerkb 2

packetstorm 6

nuclei 2

cisa_kev 2

alpinelinux 2

github 2

checkpoint_advisories 3

dsquare 3

threatpost 11

exploitpack 5

ibm 2

zdt 6

saint 3

metasploit 1

hackerone 1

qualysblog 3

freebsd 1

wallarmlab 1

exploitdb 5

githubexploit 1

hivepro 1

avleonov 1

securelist 1

kitploit 4

talosblog 2

fireeye 1

ics 1

ubuntu

Drupal vulnerabilities

2021-03-15 00:00:00

openvas

Ubuntu: Security Advisory (USN-4773-1)

2023-01-27 00:00:00

Drupal Core Multiple Vulnerabilities (SA-CORE-2015-001) - Linux

2017-09-19 00:00:00

Drupal Core Multiple Vulnerabilities (SA-CORE-2015-001) - Windows

2017-09-19 00:00:00

nessus

Ubuntu 16.04 ESM : Drupal vulnerabilities (USN-4773-1)

2023-10-20 00:00:00

Debian DSA-3200-1 : drupal7 - security update

2015-03-23 00:00:00

Drupal 6.x < 6.35 / 7.x < 7.35 Multiple Vulnerabilities

2016-04-08 00:00:00

mageia

Updated drupal packages fix security vulnerabilities

2015-03-28 00:12:10

drupal

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

2015-03-18 00:00:00

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

2018-04-25 00:00:00

thn

Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately

2018-04-25 16:41:00

Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

2018-04-26 12:32:00

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

2018-06-05 08:06:00

malwarebytes

A look into Drupalgeddon’s client-side attacks

2018-05-18 15:00:00

impervablog

The State of Web Application Vulnerabilities in 2018

2019-01-09 14:00:26

Drupalgeddon 2.0: Are Hackers Slacking Off?

2018-04-13 19:13:25

How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications

2019-02-13 12:52:46

veracode

Remote Code Execution (RCE)

2018-04-26 10:18:46

Remote Code Execution (RCE)

2018-04-03 05:03:22

prion

Default credentials

2015-03-25 14:59:00

Open redirect

2017-09-13 16:29:00

Open redirect

2017-09-13 16:29:00

securityvulns

[SECURITY] [DSA 3200-1] drupal7 security update

2015-05-11 00:00:00

[ MDVSA-2015:181 ] drupal

2015-05-12 00:00:00

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

2015-05-12 00:00:00

ubuntucve

CVE-2015-2750

2017-09-13 00:00:00

CVE-2015-2559

2015-03-25 00:00:00

CVE-2015-2749

2017-09-13 00:00:00

debian

[SECURITY] [DSA 3200-1] drupal7 security update

2015-03-20 22:34:30

[SECURITY] [DSA 4180-1] drupal7 security update

2018-04-25 20:13:52

[SECURITY] [DSA 4180-1] drupal7 security update

2018-04-25 20:13:52

archlinux

drupal: multiple issues

2015-03-20 00:00:00

[ASA-201804-10] drupal: arbitrary command execution

2018-04-27 00:00:00

[ASA-201804-1] drupal: arbitrary code execution

2018-04-01 00:00:00

cve

CVE-2015-2559

2015-03-25 14:59:00

CVE-2015-2749

2017-09-13 16:29:00

CVE-2015-2750

2017-09-13 16:29:00

debiancve

CVE-2015-2749

2017-09-13 16:29:00

CVE-2015-2750

2017-09-13 16:29:00

CVE-2015-2559

2015-03-25 14:59:00

K59591931 : Drupal vulnerability CVE-2018-7602

2018-04-30 00:00:00

K22854260 : Drupal vulnerability CVE-2018-7600

2018-03-29 00:00:00

fedora

[SECURITY] Fedora 28 Update: drupal7-7.59-1.fc28

2018-05-05 20:37:11

[SECURITY] Fedora 27 Update: drupal7-7.59-1.fc27

2018-05-10 19:16:35

[SECURITY] Fedora 28 Update: drupal8-8.4.8-1.fc28

2018-05-09 21:27:49

seebug

Drupal core Remote Code Execution(CVE-2018-7602)

2018-04-26 00:00:00

Drupal core Remote Code Execution(CVE-2018-7600) (Drupalgeddon2)

2018-03-30 00:00:00

osv

drupal7 - security update

2018-04-26 00:00:00

drupal7 - security update

2018-04-25 00:00:00

Drupal Core Remote Code Execution Vulnerability

2024-04-23 22:36:09

attackerkb

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

2018-07-19 00:00:00

Drupalgeddon 2

2018-03-29 00:00:00

packetstorm

Drupal drupgeddon3 Remote Code Execution

2018-04-26 00:00:00

Drupalgeddon3 Remote Code Execution

2018-04-30 00:00:00

Drupal Drupalgeddon2 Remote Code Execution Ruby Port

2018-04-13 00:00:00

nuclei

Drupal - Remote Code Execution

2022-02-04 19:09:58

Drupal - Remote Code Execution

2021-02-15 13:33:33

cisa_kev

Drupal Core Remote Code Execution Vulnerability

2022-04-13 00:00:00

Drupal Core Remote Code Execution Vulnerability

2021-11-03 00:00:00

alpinelinux

CVE-2018-7602

2018-07-19 17:29:00

CVE-2018-7600

2018-03-29 07:29:00

github

Drupal Core Remote Code Execution Vulnerability

2024-04-23 22:36:09

Drupal Core Remote Code Execution Vulnerability

2022-05-14 01:29:45

checkpoint_advisories

Drupal Core Remote Code Execution (CVE-2018-7602)

2018-04-26 00:00:00

Drupal Core Remote Code Execution (CVE-2018-7600)

2018-03-29 00:00:00

Drupal Core Form Rendering Remote Code Execution (CVE-2018-7600)

2020-11-05 00:00:00

dsquare

Drupal 7 SA-CORE-2018-004 RCE

2018-05-08 00:00:00

Drupal 8 SA-CORE-2018-002 RCE

2018-05-08 00:00:00

Drupal 7 SA-CORE-2018-002 RCE

2018-05-08 00:00:00

threatpost

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

2018-04-24 18:34:37

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

2018-10-11 20:24:54

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0

2018-05-03 16:57:19

exploitpack

Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)

2018-04-25 00:00:00

Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)

2018-04-30 00:00:00

Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (Metasploit)

2018-04-17 00:00:00

ibm

Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602)

2018-06-15 07:09:14

Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)

2018-06-15 07:09:07

zdt

Drupal < 7.58 - drupalgeddon3 Authenticated Remote Code Execution (PoC) Exploit

2018-04-26 00:00:00

Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit

2018-05-01 00:00:00

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 Drupalgeddon2 Remote Code Execution Exploit

2018-04-13 00:00:00

saint

Drupal Form API command execution

2018-04-25 00:00:00

Drupal Form API command execution

2018-04-25 00:00:00

Drupal Form API command execution

2018-04-25 00:00:00

metasploit

Drupal Drupalgeddon 2 Forms API Property Injection

2018-04-18 00:05:45

hackerone

U.S. Dept Of Defense: [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████

2020-12-21 07:51:14

qualysblog

Staying Safe in the Era of Browser-based Cryptocurrency Mining

2018-07-25 17:00:02

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing

2018-04-02 18:02:51

freebsd

drupal -- Drupal Core - Multiple Vulnerabilities

2018-03-13 00:00:00

wallarmlab

Drupalgeddon Two.

2018-04-20 19:31:22

exploitdb

Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)

2018-04-30 00:00:00

Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)

2018-04-25 00:00:00

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)

2018-04-17 00:00:00

githubexploit

Exploit for Improper Input Validation in Drupal

2020-08-31 22:55:18

hivepro

Muhstik botnet adds another vulnerability exploit to its arsenal

2022-03-29 12:17:03

avleonov

Vulnerability Databases: Classification and Registry

2018-06-05 15:57:41

securelist

Incident Response Analyst Report 2019

2020-08-06 10:00:34

kitploit

Darksplitz - Exploit Framework

2019-04-04 21:12:00

Sn1per v5.0 - Automated Pentest Recon Scanner

2018-07-05 13:45:00

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

2018-11-24 12:43:00

talosblog

Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters

2019-02-26 10:56:00

DNS Hijacking Abuses Trust In Core Internet Service

2019-04-18 16:08:25

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.976 High

EPSS

Percentile

100.0%

JSON

Related for OSV:USN-4773-1