Drupal 8.6.x < 8.6.10 Remote Code Execution Vulnerability
Medium Web Application Scanning Plugin ID 98589
Synopsis
Drupal 8.6.x < 8.6.10 Remote Code Execution Vulnerability
Description
According to its self-reported version, the instance of Drupal running on the remote web server is 8.5.x prior to 8.5.11 or 8.6.x prior to 8.6.10. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of data from non-form sources.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to Drupal version 8.6.10 or the latest version.