Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)
Critical Nessus Plugin ID 109041
SynopsisThe remote web server hosts a PHP CMS that is affected by a remote command execution vulnerability.
DescriptionThe Drupal CMS installed on the remote host is affected by a remote command execution vulnerability. A remote, unauthenticated attacker can leverage this issue to execute arbitrary commands on the remote host.
SolutionUpgrade to Drupal version 7.58 / 8.3.9 / 8.4.6 / 8.5.1 or later.