Drupal Core Remote Code Execution

Advisory: CERT.be Advisory #2018-011
Version: 1.0
Reference: CVE-2018-7602
CVSS: Not known; ranked as Highly critical by Drupal
Affected software: Drupal core
Type: remote code execution




The vulnerability, tracked as CVE-2018-7602 presents the following risks: remote code execution. The vulnerability is currently being actively exploited to allow attackers to take control of the affected system.
This vulnerability is linked to the previous CVE-2018-7600 which allowed attackers to exploit multiple attack vectors on a Drupal site and resulted in the site being completely compromised.


A new vulnerability in Drupal installations has been published recently, which could lead to remote code execution. Drupal has released software updates that addresses the vulnerability. At the time of publication, there is no other mitigation that addresses this vulnerability.

Vulnerable Products

The vulnerability described in this advisory affects all the existing below versions:
• 7.x: All versions before 7.59
• 8.5.x: All versions before 8.5.3
• 8.4.x: All versions before 8.4.8


CERT.be recommends systems administrators and webmasters to install the latest updates available from Drupal. As there have been multiple Drupal vulnerabilities published lately, it is important to keep your system up to date by installing the newest updates (At the time of writing: 2018-April-25).
Drupal has released free updates on their website. See Sources section.