Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 30 mars 2018

Drupal Core – Remote Code Execution (CERT-EU Security Advisory 2018-008)

Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site. Successful exploitation could lead to a potential compromise of the web application and possibly the underlying operating system as well.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 296


Événements SSI