FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal Core - Multiple Vulnerabilities

Affected packages
drupal7 < 7.58
drupal8 < 8.5.2

Details

VuXML ID 89ca6f7d-4f00-11e8-9b1d-00e04c1ea73d
Discovery 2018-04-25
Entry 2018-05-03

Drupal Security Team reports:

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

References

URL https://www.drupal.org/SA-CORE-2018-004