VYPR
Critical severity9.8CISA KEVNVD Advisory· Published Jul 19, 2018· Updated Jun 17, 2026

CVE-2018-7602

CVE-2018-7602

Description

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
drupal/corePackagist
>= 7.0, < 7.597.59
drupal/corePackagist
>= 8.0, < 8.4.88.4.8
drupal/corePackagist
>= 8.5, < 8.5.38.5.3
drupal/drupalPackagist
>= 7.0, < 7.597.59
drupal/drupalPackagist
>= 8.0, < 8.4.88.4.8
drupal/drupalPackagist
>= 8.5, < 8.5.38.5.3

Affected products

3

Patches

Vulnerability mechanics

References

14

News mentions

1