Description
A vulnerability in multiple subsystems of Drupal allows remote attackers to execute arbitrary operating system commands on the server, leading to potential compromise of the affected system.
Recommendation
Mitigate the risk by upgrading Drupal to the latest stable version that includes patches for the vulnerability.
References
Related Issues
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin (GHSA-2h87-4q2w-v4hf) - CVE-2023-22621
- Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE) - CVE-2026-23733
- Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) - CVE-2025-66398
You might also like:
- Tags:
- RCE
- Drupal
- Injection
Anything's wrong? Let us know Last updated on May 13, 2024