Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2018-7600 | Drupal Core Remote Code Execution Vulnerability | secondary_impact | T1485 | Data Destruction |
Comments
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal’s versions 7 and 8. According to reports, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site and crypto-jacking campaigns.
References
|
| CVE-2018-7600 | Drupal Core Remote Code Execution Vulnerability | secondary_impact | T1496 | Resource Hijacking |
Comments
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal’s versions 7 and 8. According to reports, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site and crypto-jacking campaigns.
References
|
| CVE-2018-7600 | Drupal Core Remote Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal’s versions 7 and 8. According to reports, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site and crypto-jacking campaigns.
References
|
| CVE-2018-7600 | Drupal Core Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2018-7602 is a remote code execution (RCE) vulnerability affecting Drupal’s versions 7 and 8. According to reports, successfully exploiting the vulnerability entails elevating the permission to modify or delete the content of a Drupal-run site and crypto-jacking campaigns.
References
|