Exploit for #VU11317 Code injection in Drupal

Vulnerability identifier: #VU11317

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2018-7600

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 27

• June 17, 2021
  • Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) [Exploit-DB]
  • Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) [Exploit-DB]
  • Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution [Exploit-DB]
• March 30, 2021
  • scripts (A collection of scripts I've written, including automation, enumeration, exploitation, etc.) [Github]
• September 1, 2020
  • Drupalgeddon2 (CVE-2018-7600 | Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' RCE) [Github]
• July 15, 2020
  • drupalhunter (CVE-2018-7600 0-Day Exploit (cyber-warrior.org)) [Github]
• June 19, 2020
  • drupalgeddon2 (The exploit python script for CVE-2018-7600) [Github]
• April 7, 2020
  • exphub (Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340) [Github]
  • Exploits (Containing Self Made Perl Reproducers / PoC Codes) [Github]
• March 18, 2020
  • cve5scan (5 CVE scan and exploit) [Github]
  • CVE-2018-7600 ( [Github]
  • cveexposer (Shell script searching for known CVE & Exploit associated with a product name/version) [Github]
  • CVE-2018-7600-Drupal-RCE (MASS Exploiter) [Github]
  • Drupalgeddon-Mass-Exploiter (CVE-2018-7600 and CVE-2018-7602 Mass Exploiter) [Github]
  • Alien-Framework (Alien-Framework, it is a framework with many CVE exploits and tools to use in pen-testing.) [Github]
  • drupal-exploit (CVE-2018-7600) [Github]
  • drupalgeddon2 (The exploit python script for CVE-2018-7600) [Github]
  • Drupalgeddon2 (Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)) [Github]
  • drupal-check (Tool to dive Apache logs for evidence of exploitation of CVE-2018-7600) [Github]
  • CVE-2018-7600 (Exploit for Drupal 7 <= 7.57 CVE-2018-7600) [Github]
  • drupalgeddon2 (Exploit for CVE-2018-7600.. called drupalgeddon2, ) [Github]
  • CVE-2018-7600 (Testing and exploitation tool for Drupalgeddon 2 (CVE-2018-7600)) [Github]
  • drupalgeddon2 (MSF exploit module for Drupalgeddon 2 (CVE-2018-7600 / SA-CORE-2018-002)) [Github]
  • labs (Vulnerability Labs for security analysis) [Github]
  • Drupal Drupalgeddon 2 Forms API Property Injection [Metasploit]
  • CVE-EXPLOIT-DB () [Github]
  • CVE-in-Ruby (Exploits written & ported to Ruby - no Metasploit) [Github]

Vulnerable software:
Drupal
Web applications / CMS

Vendor: Drupal