ID CVE-2018-7602
Summary A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:drupal:drupal:6.38
    cpe:2.3:a:drupal:drupal:6.38
  • Drupal 7.0
    cpe:2.3:a:drupal:drupal:7.0
  • Drupal 7.0 alpha1
    cpe:2.3:a:drupal:drupal:7.0:alpha1
  • Drupal 7.0 alpha2
    cpe:2.3:a:drupal:drupal:7.0:alpha2
  • Drupal 7.0 alpha3
    cpe:2.3:a:drupal:drupal:7.0:alpha3
  • Drupal 7.0 alpha4
    cpe:2.3:a:drupal:drupal:7.0:alpha4
  • Drupal 7.0 alpha5
    cpe:2.3:a:drupal:drupal:7.0:alpha5
  • Drupal 7.0 alpha6
    cpe:2.3:a:drupal:drupal:7.0:alpha6
  • Drupal 7.0 alpha7
    cpe:2.3:a:drupal:drupal:7.0:alpha7
  • Drupal 7.0 Beta 1
    cpe:2.3:a:drupal:drupal:7.0:beta1
  • Drupal 7.0 Beta 2
    cpe:2.3:a:drupal:drupal:7.0:beta2
  • Drupal 7.0 Beta 3
    cpe:2.3:a:drupal:drupal:7.0:beta3
  • Drupal 7.0 dev
    cpe:2.3:a:drupal:drupal:7.0:dev
  • Drupal 7.0 Release Candidate 1
    cpe:2.3:a:drupal:drupal:7.0:rc1
  • Drupal 7.0 Release Candidate 2
    cpe:2.3:a:drupal:drupal:7.0:rc2
  • Drupal 7.0 Release Candidate 3
    cpe:2.3:a:drupal:drupal:7.0:rc3
  • Drupal 7.0 Release Candidate 4
    cpe:2.3:a:drupal:drupal:7.0:rc4
  • Drupal 7.1
    cpe:2.3:a:drupal:drupal:7.1
  • Drupal 7.2
    cpe:2.3:a:drupal:drupal:7.2
  • Drupal 7.3
    cpe:2.3:a:drupal:drupal:7.3
  • Drupal 7.4
    cpe:2.3:a:drupal:drupal:7.4
  • Drupal 7.5
    cpe:2.3:a:drupal:drupal:7.5
  • Drupal 7.6
    cpe:2.3:a:drupal:drupal:7.6
  • Drupal 7.7
    cpe:2.3:a:drupal:drupal:7.7
  • Drupal 7.8
    cpe:2.3:a:drupal:drupal:7.8
  • Drupal 7.9
    cpe:2.3:a:drupal:drupal:7.9
  • Drupal 7.10
    cpe:2.3:a:drupal:drupal:7.10
  • Drupal 7.11
    cpe:2.3:a:drupal:drupal:7.11
  • Drupal 7.12
    cpe:2.3:a:drupal:drupal:7.12
  • Drupal 7.13
    cpe:2.3:a:drupal:drupal:7.13
  • Drupal 7.14
    cpe:2.3:a:drupal:drupal:7.14
  • Drupal 7.15
    cpe:2.3:a:drupal:drupal:7.15
  • Drupal 7.16
    cpe:2.3:a:drupal:drupal:7.16
  • Drupal 7.17
    cpe:2.3:a:drupal:drupal:7.17
  • Drupal 7.18
    cpe:2.3:a:drupal:drupal:7.18
  • Drupal 7.19
    cpe:2.3:a:drupal:drupal:7.19
  • Drupal 7.20
    cpe:2.3:a:drupal:drupal:7.20
  • Drupal 7.21
    cpe:2.3:a:drupal:drupal:7.21
  • Drupal 7.22
    cpe:2.3:a:drupal:drupal:7.22
  • Drupal 7.23
    cpe:2.3:a:drupal:drupal:7.23
  • Drupal 7.24
    cpe:2.3:a:drupal:drupal:7.24
  • Drupal 7.25
    cpe:2.3:a:drupal:drupal:7.25
  • Drupal 7.26
    cpe:2.3:a:drupal:drupal:7.26
  • Drupal 7.27
    cpe:2.3:a:drupal:drupal:7.27
  • Drupal 7.28
    cpe:2.3:a:drupal:drupal:7.28
  • Drupal 7.29
    cpe:2.3:a:drupal:drupal:7.29
  • Drupal 7.30
    cpe:2.3:a:drupal:drupal:7.30
  • Drupal 7.31
    cpe:2.3:a:drupal:drupal:7.31
  • Drupal 7.32
    cpe:2.3:a:drupal:drupal:7.32
  • Drupal 7.33
    cpe:2.3:a:drupal:drupal:7.33
  • Drupal 7.34
    cpe:2.3:a:drupal:drupal:7.34
  • Drupal 7.35
    cpe:2.3:a:drupal:drupal:7.35
  • Drupal 7.36
    cpe:2.3:a:drupal:drupal:7.36
  • Drupal 7.37
    cpe:2.3:a:drupal:drupal:7.37
  • Drupal 7.38
    cpe:2.3:a:drupal:drupal:7.38
  • Drupal 7.40
    cpe:2.3:a:drupal:drupal:7.40
  • Drupal 7.41
    cpe:2.3:a:drupal:drupal:7.41
  • Drupal 7.42
    cpe:2.3:a:drupal:drupal:7.42
  • Drupal 7.43
    cpe:2.3:a:drupal:drupal:7.43
  • Drupal 7.44
    cpe:2.3:a:drupal:drupal:7.44
  • Drupal 7.50
    cpe:2.3:a:drupal:drupal:7.50
  • Drupal 7.51
    cpe:2.3:a:drupal:drupal:7.51
  • Drupal 7.52
    cpe:2.3:a:drupal:drupal:7.52
  • Drupal 7.53
    cpe:2.3:a:drupal:drupal:7.53
  • Drupal 7.54
    cpe:2.3:a:drupal:drupal:7.54
  • Drupal 7.55
    cpe:2.3:a:drupal:drupal:7.55
  • Drupal 7.56
    cpe:2.3:a:drupal:drupal:7.56
  • Drupal 7.57
    cpe:2.3:a:drupal:drupal:7.57
CVSS
Base: 7.5
Impact:
Exploitability:
d2sec via4
name Drupal 7 SA-CORE-2018-004 RCE
url http://www.d2sec.com/exploits/drupal_7_sa-core-2018-004_rce.html
exploit-db via4
  • description Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC). CVE-2018-7602. Webapps exploit for PHP platform
    file exploits/php/webapps/44542.txt
    id EDB-ID:44542
    last seen 2018-05-24
    modified 2018-04-25
    platform php
    port
    published 2018-04-25
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44542/
    title Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)
    type webapps
  • description Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit). CVE-2018-7602. Webapps exploit for PHP platform. Tags: Metasploit Framework (MSF)
    file exploits/php/webapps/44557.rb
    id EDB-ID:44557
    last seen 2018-05-24
    modified 2018-04-30
    platform php
    port
    published 2018-04-30
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44557/
    title Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
    type webapps
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B9AD458866.NASL
    description - https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 109710
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109710
    title Fedora 27 : drupal7 (2018-b9ad458866) (Drupalgeddon 2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1BA93B3144.NASL
    description - https://www.drupal.org/project/drupal/releases/8.4.8 - https://www.drupal.org/SA-CORE-2018-004 - https://www.drupal.org/project/drupal/releases/8.4.7 - https://www.drupal.org/sa-core-2018-003 RPM update: `drupal8-rpmbuild` package dependencies fixed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 109705
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109705
    title Fedora 27 : drupal8 (2018-1ba93b3144) (Drupalgeddon 2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-2359C2AE0E.NASL
    description - https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 109706
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109706
    title Fedora 26 : drupal7 (2018-2359c2ae0e) (Drupalgeddon 2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1365.NASL
    description A remote code execution vulnerability has been found within multiple subsystems of Drupal. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. For Debian 7 'Wheezy', these problems have been fixed in version 7.14-2+deb7u19. We recommend that you upgrade your drupal7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 109381
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109381
    title Debian DLA-1365-1 : drupal7 security update (Drupalgeddon 2)
  • NASL family CGI abuses
    NASL id DRUPAL_8_5_3.NASL
    description According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.59, 8.4.x prior to 8.4.8, or 8.5.x prior to 8.5.3. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 109344
    published 2018-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109344
    title Drupal 7.x < 7.59 / 8.4.x < 8.4.8 / 8.5.x < 8.5.3 Remote Code Execution Vulnerability (SA-CORE-2018-004)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-8FD924A53D.NASL
    description - https://www.drupal.org/project/drupal/releases/8.4.8 - https://www.drupal.org/SA-CORE-2018-004 - https://www.drupal.org/project/drupal/releases/8.4.7 - https://www.drupal.org/sa-core-2018-003 RPM update: `drupal8-rpmbuild` package dependencies fixed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 120613
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120613
    title Fedora 28 : drupal8 (2018-8fd924a53d) (Drupalgeddon 2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-43C64DEADA.NASL
    description - https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 120383
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120383
    title Fedora 28 : drupal7 (2018-43c64deada) (Drupalgeddon 2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4180.NASL
    description A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 109349
    published 2018-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109349
    title Debian DSA-4180-1 : drupal7 - security update (Drupalgeddon 2)
packetstorm via4
refmap via4
bid 103985
confirm https://www.drupal.org/sa-core-2018-004
debian DSA-4180
exploit-db
  • 44542
  • 44557
mlist [debian-lts-announce] 20180426 [SECURITY] [DLA 1365-1] drupal7 security update
sectrack 1040754
the hacker news via4
Last major update 19-07-2018 - 13:29
Published 19-07-2018 - 13:29
Last modified 18-09-2018 - 14:17