Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 27 avril 2018

Drupal Core - Remote Code Execution (CERT-EU Security Advisory 2018-012)

Drupal is a content management system often used for Enterprise Content Management Projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. This allows attackers to exploit multiple attack vectors on a Drupal site, which result in the site being compromised. This vulnerability is related to Drupal core - highly critical - Remote Code Execution - SA-CORE-2018-002 (CVE-2018-7600). Both SA-CORE-2018-002/CERT-EU-SA2018-008 (CVE-2018-7600) and this vulnerability are being exploited in the wild.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 234

x

Événements SSI