Remote Code Execution (RCE)

drupal/drupal is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsanitized shell arguments in DefaultMailSystem::mail, which could be exploited to execute arbitrary code...

GHSA-JF8C-36VW-98X4 Drupal core Remote Code Execution

In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail, which could lead to remote code execution...

Drupal core Remote Code Execution

In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail, which could lead to remote code execution...

Drupal core Remote Code Execution

In Drupal core, when sending email some variables were not being sanitized for shell arguments in DefaultMailSystem::mail, which could lead to remote code execution...

Drupal 8.6.x < 8.6.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in content moderation that could lead to an access bypass. - A flaw exists in path module that could allow users with the administer paths to enter a particular...

Critical RCE Bugs Patched in Drupal 7 and 8

Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...