Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:6042
HistoryApr 03, 2018 - 5:03 a.m.

Remote Code Execution (RCE)

2018-04-0305:03:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
29

0.976 High

EPSS

Percentile

100.0%

drupal/core is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization applied to URL endpoints where array objects can be supplied to request parameters, allowing a potential compromise of the PHP application, and even the underlying operating system (OS).