Operation and MaintenanceSafetyWhat is CNNVD's report on Drupal Core remote code execution vulnerabilities?What is CNNVD's report on Drupal Core remote code execution vulnerabilities?
The National Information Security Vulnerability Database (CNNVD) received reports about Drupal Core remote code execution vulnerabilities (CNNVD-201804-1490, CVE-2018-7602). An attacker who successfully exploited this vulnerability could conduct remote code execution attacks on the target system. Multiple versions of Drupal, including version 7.x and version 8.x, are affected by this vulnerability. Currently, part of the vulnerability verification code for this vulnerability has been made public on the Internet, and Drupal has officially released a patch to fix the vulnerability. It is recommended that users promptly confirm whether they are affected by the vulnerability and take patching measures as soon as possible.
1. Vulnerability introduction
Drupal is a free and open source content management framework developed in PHP language maintained by the Drupal community. It It is composed of content management system (CMS) and PHP development framework (Framework).
Drupal Core remote code execution vulnerability (CNNVD-201804-1490, CVE-2018-7602), this vulnerability is similar to the previous Drupal Core remote code execution vulnerability in March 2018 (CNNVD-201803-1136, CVE- 2018-7600), the vulnerability stems from Drupal’s official incomplete patching of the vulnerability, which allows the patch to be bypassed, thereby achieving remote code execution.
2. Hazardous Impact
An attacker who successfully exploits this vulnerability can conduct remote code execution attacks on the target system. In the near future, there is a high possibility that part of the verification code of this vulnerability published on the Internet will be exploited. The versions affected by the vulnerability are as follows:
Drupal version 7.x, Drupal version 8.x.
3. Repair Suggestions
Currently, Drupal has officially released a patch to fix the vulnerability. Users are asked to check the product version in a timely manner. If it is confirmed that the vulnerability is affected, please press as soon as possible. The following measures are taken for protection.
1. Upgrade Drupal version:
Please upgrade Drupal 7.x to Drupal 7.59 version.
Please upgrade Drupal 8.4.x to version 8.4.8
Please upgrade Drupal 8.5.x to Drupal 8.5.3.
2. If the user cannot upgrade the version immediately, please update the patch. The patch address is:
| Patch address | |
|---|---|
| https://cgit.drupalcode.org/drupal/rawdiff /?h=7.x&id=080daa38f265ea28444c540832509a48861587d0 | |
| https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id =bb6d396609600d1169da29456ba3db59abae4b7e |
The above is the detailed content of What is CNNVD's report on Drupal Core remote code execution vulnerabilities?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Dreamweaver Mac version
Visual web development tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
