### [CVE-2018-7600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600)
![](https://img.shields.io/static/v1?label=Product&message=Drupal%20before%207.58%2C%208.x%20before%208.3.9%2C%208.4.x%20before%208.4.6%2C%20and%208.5.x%20before%208.5.1&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=remote%20code%20execution&color=brighgreen)

### Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

### POC

#### Reference
- https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714
- https://github.com/a2u/CVE-2018-7600
- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- https://greysec.net/showthread.php?tid=2912&pid=10561
- https://groups.drupal.org/security/faq-2018-002
- https://research.checkpoint.com/uncovering-drupalgeddon-2/
- https://www.exploit-db.com/exploits/44448/
- https://www.exploit-db.com/exploits/44449/
- https://www.exploit-db.com/exploits/44482/
- https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

#### Github
- https://github.com/0ang3el/drupalgeddon2
- https://github.com/0x0d3ad/Kn0ck
- https://github.com/0xAJ2K/CVE-2018-7600
- https://github.com/0xConstant/CVE-2018-7600
- https://github.com/0xConstant/ExploitDevJourney
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xT11/CVE-POC
- https://github.com/0xh4di/PayloadsAllTheThings
- https://github.com/0xkasra/CVE-2018-7600
- https://github.com/0xkasra/ExploitDevJourney
- https://github.com/0xsyr0/OSCP
- https://github.com/1120362990/vulnerability-list
- https://github.com/189569400/Meppo
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/3vikram/Application-Vulnerabilities-Payloads
- https://github.com/84KaliPleXon3/Payloads_All_The_Things
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Amar224/Pentest-Tools
- https://github.com/AnonVulc/Pentest-Tools
- https://github.com/Anwar212/drupal
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/Astrogeorgeonethree/Starred2
- https://github.com/Atem1988/Starred
- https://github.com/Aukaii/notes
- https://github.com/Awrrays/FrameVul
- https://github.com/Beijaflore-Security-LAB/cveexposer
- https://github.com/BugBlocker/lotus-scripts
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CrackerCat/myhktools
- https://github.com/Cyberleet1337/Payloadswebhack
- https://github.com/Damian972/drupalgeddon-2
- https://github.com/Delishsploits/PayloadsAndMethodology
- https://github.com/Desm0ndChan/OSCP-cheatsheet
- https://github.com/DynamicDesignz/Alien-Framework
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/FireFart/CVE-2018-7600
- https://github.com/GhostTroops/TOP
- https://github.com/GhostTroops/myhktools
- https://github.com/GuynnR/Payloads
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/Hestat/drupal-check
- https://github.com/HimmelAward/Goby_POC
- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/Jean-Francois-C/Windows-Penetration-Testing
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/MelanyRoob/Goby
- https://github.com/Muhammd/Awesome-Payloads
- https://github.com/Nieuport/PayloadsAllTheThings
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PWN-Kingdom/Test_Tasks
- https://github.com/PaloAltoNetworks/research-notes
- https://github.com/Pav-ksd-pl/PayloadsAllTheThings
- https://github.com/Prodject/Kn0ck
- https://github.com/Project-WARMIND/Exploit-Modules
- https://github.com/Ra7mo0on/PayloadsAllTheThings
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/SPuerBRead/kun
- https://github.com/SecPentester/CVE-7600-2018
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Sh4dowX404Unknown/Drupalgeddon2
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Soldie/PayloadsAllTheThings
- https://github.com/Tealalal/Enterprise-Network-Architecture-and-Attack-and-Defense
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/UltramanGaia/POC-EXP
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/WingsSec/Meppo
- https://github.com/XPR1M3/Payloads_All_The_Things
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/YgorAlberto/Ethical-Hacker
- https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/a2u/CVE-2018-7600
- https://github.com/alexfrancow/Exploits
- https://github.com/amitnandi04/Common-Vulnerability-Exposure-CVE-
- https://github.com/andrysec/PayloadsAllVulnerability
- https://github.com/anhtu97/PayloadAllEverything
- https://github.com/anldori/CVE-2018-7600
- https://github.com/anquanscan/sec-tools
- https://github.com/antonio-fr/DrupalRS
- https://github.com/apkadmin/PayLoadsAll
- https://github.com/aylincetin/PayloadsAllTheThings
- https://github.com/aymankhder/Windows-Penetration-Testing
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigblackhat/oFx
- https://github.com/cfreal/ten
- https://github.com/chanchalpatra/payload
- https://github.com/chriskaliX/PHP-code-audit
- https://github.com/cjgratacos/drupalgeddon2-test
- https://github.com/cocomelonc/vulnexipy
- https://github.com/cved-sources/cve-2018-7600
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cyberharsh/DrupalCVE-2018-7602
- https://github.com/dark-vex/CVE-PoC-collection
- https://github.com/daynis-olman/drupalgeddon-shell-exploit
- https://github.com/do0dl3/myhktools
- https://github.com/dr-iman/CVE-2018-7600-Drupal-0day-RCE
- https://github.com/dreadlocked/Drupalgeddon2
- https://github.com/drugeddon/drupal-exploit
- https://github.com/dwisiswant0/CVE-2018-7600
- https://github.com/edisonrivera/HackTheBox
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/emtee40/win-pentest-tools
- https://github.com/emzkie2018/S4nji1-Drupalgeddon2
- https://github.com/enomothem/PenTestNote
- https://github.com/falocab/PayloadsAllTheThings
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/firefart/CVE-2018-7600
- https://github.com/fyraiga/CVE-2018-7600-drupalgeddon2-scanner
- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
- https://github.com/gameFace22/vulnmachine-walkthrough
- https://github.com/githubfoam/yara-sandbox
- https://github.com/gobysec/Goby
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/happynote3966/CVE-2018-7600
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hellochunqiu/PayloadsAllTheThings
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/hktalent/myhktools
- https://github.com/huimzjty/vulwiki
- https://github.com/imoki/imoki-poc
- https://github.com/ipirva/NSX-T_IDS
- https://github.com/iqrok/myhktools
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jbmihoub/all-poc
- https://github.com/jenriquezv/OSCP-Cheat-Sheets
- https://github.com/jirojo2/drupalgeddon2
- https://github.com/jstang9527/gofor
- https://github.com/jyo-zi/CVE-2018-7600
- https://github.com/kdandy/pentest_tools
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/killeveee/CVE-2018-7600
- https://github.com/kk98kk0/Payloads
- https://github.com/knqyf263/CVE-2018-7600
- https://github.com/koutto/jok3r-pocs
- https://github.com/ksw9722/PayloadsAllTheThings
- https://github.com/lanjelot/ctfs
- https://github.com/lnick2023/nicenice
- https://github.com/lorddemon/drupalgeddon2
- https://github.com/ludy-dev/drupal8-REST-RCE
- https://github.com/madneal/codeql-scanner
- https://github.com/markroxor/pentest-resources
- https://github.com/maya6/-scan-
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/mrhacker51/ReverseShellCommands
- https://github.com/murksombra/rmap
- https://github.com/ncinfinity69/asulo
- https://github.com/neoblackied/drupal1
- https://github.com/nevidimk0/PayloadsAllTheThings
- https://github.com/nitishbadole/Pentest_Tools
- https://github.com/nixawk/labs
- https://github.com/nxme/php-uicode-issues-drupal
- https://github.com/oneplus-x/MS17-010
- https://github.com/oneplus-x/Sn1per
- https://github.com/openx-org/BLEN
- https://github.com/opflep/Drupalgeddon-Toolkit
- https://github.com/oscpname/OSCP_cheat
- https://github.com/osogi/NTO_2022
- https://github.com/ozkanbilge/Payloads
- https://github.com/password520/RedTeamer
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/persian64/CVE-2018-7600
- https://github.com/pimps/CVE-2018-7600
- https://github.com/pjgmonteiro/Pentest-tools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/qiantu88/test
- https://github.com/r0lh/CVE-2018-7600
- https://github.com/r3dxpl0it/CVE-2018-7600
- https://github.com/rabbitmask/CVE-2018-7600-Drupal7
- https://github.com/rafaelcaria/drupalgeddon2-CVE-2018-7600
- https://github.com/ranjan-prp/PayloadsAllTheThings
- https://github.com/raoufmaklouf/cve5scan
- https://github.com/ravijainpro/payloads_xss
- https://github.com/resistezauxhackeurs/outils_audit_cms
- https://github.com/ret2x-tools/drupalgeddon2-rce
- https://github.com/retr0-13/Goby
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/revanmalang/OSCP
- https://github.com/roguehedgehog/claire
- https://github.com/rusty-sec/lotus-scripts
- https://github.com/ruthvikvegunta/Drupalgeddon2
- https://github.com/samba234/Sniper
- https://github.com/severnake/Pentest-Tools
- https://github.com/shellord/CVE-2018-7600-Drupal-RCE
- https://github.com/shellord/Drupalgeddon-Mass-Exploiter
- https://github.com/sl4cky/CVE-2018-7600
- https://github.com/sl4cky/CVE-2018-7600-Masschecker
- https://github.com/sobinge/--1
- https://github.com/sobinge/PayloadsAllTheThings
- https://github.com/sobinge/PayloadsAllThesobinge
- https://github.com/soch4n/CVE-2018-7600
- https://github.com/stillHere3000/KnownMalware
- https://github.com/superfish9/pt
- https://github.com/t0m4too/t0m4to
- https://github.com/teamdArk5/Sword
- https://github.com/thehappydinoa/CVE-2018-7600
- https://github.com/theyoge/AD-Pentesting-Tools
- https://github.com/tomoyamachi/gocarts
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/txuswashere/OSCP
- https://github.com/u53r55/darksplitz
- https://github.com/unusualwork/Sn1per
- https://github.com/vphnguyen/ANM_CVE-2018-7600
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/PayloadsAllTheThings
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xhref/OSCP
- https://github.com/xonoxitron/INE-eJPT-Certification-Exam-Notes-Cheat-Sheet
- https://github.com/yak0d3/dDumper
- https://github.com/ynsmroztas/drupalhunter
- https://github.com/zeralot/Dectect-CVE
- https://github.com/zhzyker/CVE-2018-7600-Drupal-POC-EXP