CVE-2018-7600β€”Drupal Core Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2021-11-03 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2018-7600
Project:
Drupal
Product:
Drupal Core
Date Added:
2021-11-03
Due Date:
2022-05-03
Last Updated:
June 21, 2025

Vulnerability Name

Drupal Core Remote Code Execution Vulnerability

Description

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses