Add CVE-2018-7600

tardc 2020-04-15 17:24:27 +08:00
parent 2a7730f3d0
commit cf68dffedc
2 changed files with 13 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,13 @@
# CVE-2018-7600 Drupal Remote Code Execution Vulnerability
Drupal is an open source content management framework (CMF) written in PHP. It consists of a content management system (CMS) and a PHP development framework.
Drupal had insufficient input sanitation on Form API (FAPI) AJAX requests. As a result, this enabled an attacker to potentially inject a malicious payload into the internal form structure. This would have caused Drupal to execute it without user authentication. By exploiting this vulnerability an attacker would have been able to carry out a full site takeover of any Drupal customer.
Affected version: Drupal 6 - 8
FOFA query rule: app="Drupal"
# Demo
![](CVE-2018-7600.gif)
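
Review bot: The "Affected version: Drupal 6 - 8" line names only major versions, and the README gives no fixed release, vendor advisory reference or mitigation, so a reader cannot tell from it whether a given install is still exposed. Add the first patched release for each branch and a link to the Drupal security advisory directly below that line. The lines between the title and `# Demo` have no blank lines between them, so Markdown will render the description, "Affected version" and "FOFA query rule" as one run-on paragraph; separate them with blank lines or turn the last two into a list. `# Demo` is a second top-level heading and should be `## Demo`, and `![](CVE-2018-7600.gif)` has empty alt text, so describe what the recording shows. The phrase "of any Drupal customer" reads oddly for an open source project; "of any affected Drupal site" would be clearer. The GIF is committed as a binary file alongside the README; consider compressing it or hosting it outside the repository.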