{"cve":{"cve_id":"CVE-2018-7600","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"Drupal","kev_product":"Drupal Core","kev_vulnerability_name":"Drupal Core Remote Code Execution Vulnerability","kev_short_description":"Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":true,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2018-7600","kev_cwes":["CWE-20"],"epss_score":0.99993,"epss_percentile":0.99986,"epss_as_of":"2026-06-23","description":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","published_at":"2018-03-29T07:00:00Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-20"],"nvd_references":["https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","http://www.securitytracker.com/id/1040598","https://twitter.com/arancaytar/status/979090719003627521","https://twitter.com/RicterZ/status/979567469726613504","https://www.drupal.org/sa-core-2018-002","https://www.synology.com/support/security/Synology_SA_18_17","https://github.com/a2u/CVE-2018-7600","https://www.exploit-db.com/exploits/44482/","https://research.checkpoint.com/uncovering-drupalgeddon-2/","https://groups.drupal.org/security/faq-2018-002","https://www.debian.org/security/2018/dsa-4156","https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","https://www.exploit-db.com/exploits/44448/","http://www.securityfocus.com/bid/103534","https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/","https://greysec.net/showthread.php?tid=2912&pid=10561","https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","https://twitter.com/RicterZ/status/984495201354854401","https://www.exploit-db.com/exploits/44449/"],"vuln_status":null,"trending_score":0.6099874,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T02:30:27.550645Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7600.yaml","title":"Drupal - Remote Code Execution","author":"pikpikcu","disclosed_at":null}],"news":[],"references":[{"url":"https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","source_type":"MISC","tags":[]},{"url":"http://www.securitytracker.com/id/1040598","source_type":"MISC","tags":[]},{"url":"https://twitter.com/arancaytar/status/979090719003627521","source_type":"MISC","tags":[]},{"url":"https://twitter.com/RicterZ/status/979567469726613504","source_type":"MISC","tags":[]},{"url":"https://www.drupal.org/sa-core-2018-002","source_type":"MISC","tags":[]},{"url":"https://www.synology.com/support/security/Synology_SA_18_17","source_type":"MISC","tags":[]},{"url":"https://github.com/a2u/CVE-2018-7600","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/44482/","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://research.checkpoint.com/uncovering-drupalgeddon-2/","source_type":"MISC","tags":[]},{"url":"https://groups.drupal.org/security/faq-2018-002","source_type":"MISC","tags":[]},{"url":"https://www.debian.org/security/2018/dsa-4156","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://www.exploit-db.com/exploits/44448/","source_type":"EXPLOIT","tags":["exploit"]},{"url":"http://www.securityfocus.com/bid/103534","source_type":"MISC","tags":[]},{"url":"https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/","source_type":"MISC","tags":[]},{"url":"https://greysec.net/showthread.php?tid=2912&pid=10561","source_type":"MISC","tags":[]},{"url":"https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","source_type":"MISC","tags":[]},{"url":"https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","source_type":"MISC","tags":[]},{"url":"https://twitter.com/RicterZ/status/984495201354854401","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/44449/","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2018-03-29T07:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"}]}