Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
High

Drupalgeddon 2

Disclosure Date: March 29, 2018 (last updated September 02, 2020)
This exploits a Drupal property injection in the Forms API. Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable. Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.