Description
A vulnerability in multiple subsystems of Drupal allows remote attackers to execute arbitrary operating system commands on the server, leading to potential compromise of the affected system.
Recommendation
Mitigate the risk by upgrading Drupal to the latest stable version that includes patches for the vulnerability.
References
Related Issues
- Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE) - CVE-2026-23733
- FUXA allows Remote Code Execution (RCE) via the project import functionality. - CVE-2025-69983
- JSONPath Plus Remote Code Execution (RCE) Vulnerability - CVE-2024-21534
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
You might also like:
- Tags:
- RCE
- Drupal
- Injection
Anything's wrong? Let us know Last updated on May 13, 2024