Drupal 7.x < 7.60 / 8.5.x < 8.5.8 / 8.6.x < 8.6.2 Drupal Multiple Vulnerabilities (SA-CORE-2018-006)

Severity: High. Nessus Plugin ID: 118307

Synopsis

A PHP application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.60, 8.5.x prior to 8.5.8, or 8.6.x prior to 8.6.2. It is, therefore, affected by multiple vulnerabilities.

Solution

Upgrade to Drupal version 7.60 / 8.5.8 / 8.6.2 or later.

See Also

https://www.drupal.org/SA-CORE-2018-006

https://www.drupal.org/project/drupal/releases/7.60

https://www.drupal.org/project/drupal/releases/8.5.8

https://www.drupal.org/project/drupal/releases/8.6.2

Plugin Details

Severity: High

ID: 118307

File Name: drupal_8_6_2.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 10/22/2018

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: Settings/ParanoidReport, installed_sw/Drupal

Patch Publication Date: 10/17/2018

Vulnerability Publication Date: 10/17/2018