SERVER-WEBAPP Drupal 8 remote code execution attempt
This event is generated when an attempt to exploit CVE-2018-7600 is detected.
Attempted Administrator Privilege Gain
CVSS base score
CVSS impact score
CVSS exploitability score
CVE-2018-7600 is an issue with Drupal < 7.58 and < 8.51 where improper validation and sanitizing of internal Drupal attributes can lead to remote code execution on an affected system.
CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Ease of attack
Simple, public PoC's are available.
Patch your Drupal instance to the newest version.
- Cisco's Talos Intelligence Group