Description
A vulnerability in multiple subsystems of Drupal allows remote attackers to execute arbitrary operating system commands on the server, leading to potential compromise of the affected system.
Recommendation
Mitigate the risk by upgrading Drupal to the latest stable version that includes patches for the vulnerability.
References
Related Issues
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin (GHSA-2h87-4q2w-v4hf) - CVE-2023-22621
- Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) - CVE-2025-66398
- JSONPath Plus Remote Code Execution (RCE) Vulnerability - CVE-2024-21534
- Tags:
- RCE
- Drupal
- Injection
Anything's wrong? Let us know Last updated on May 13, 2024