Synopsis
Drupal 8.5.x < 8.5.11 Remote Code Execution Vulnerability
Description
According to its self-reported version, the instance of Drupal running on the remote web server is 8.5.x prior to 8.5.11 or 8.6.x prior to 8.6.10. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of data from non-form sources.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to Drupal version 8.5.11 or latest.