Drupal REST module command execution

Added: 02/27/2019
CVE: CVE-2019-6340
BID: 107106

Background

Drupal is an open-source content management system written in PHP.

Problem

The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code.

Resolution

Upgrade to Drupal 8.5.11 or 8.6.10 or higher.

References

https://www.drupal.org/sa-core-2019-003

Platforms

Linux

Back to exploit index