CVE-2018-15505 is a vulnerability that was discovered in September 2018. This vulnerability affects all versions of the popular open-source content management system, Drupal. The vulnerability allows an attacker to remotely execute arbitrary code on the affected system, which could result in complete compromise of the Drupal installation.
The vulnerability was caused by a lack of input validation in the Drupal core subsystem responsible for handling file uploads. This flaw allowed an attacker to upload a malicious file with a carefully crafted filename, which could trigger the execution of arbitrary code. Exploitation of CVE-2018-15505 required only a user account with permissions to upload files, making it a serious threat to any Drupal-based website.
Upon discovering the vulnerability, Drupal's security team quickly released a security advisory and patch to address the issue. They recommended that all Drupal site administrators apply the patch as soon as possible, and also advised them to review their access controls to limit the number of users who have permission to upload files. While there were no reports of exploitation in the wild prior to the release of the patch, it is always important to take proactive measures to protect against such vulnerabilities.