CVE-2018-15505

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2018-15505 is a vulnerability that was discovered in September 2018. This vulnerability affects all versions of the popular open-source content management system, Drupal. The vulnerability allows an attacker to remotely execute arbitrary code on the affected system, which could result in complete compromise of the Drupal installation. The vulnerability was caused by a lack of input validation in the Drupal core subsystem responsible for handling file uploads. This flaw allowed an attacker to upload a malicious file with a carefully crafted filename, which could trigger the execution of arbitrary code. Exploitation of CVE-2018-15505 required only a user account with permissions to upload files, making it a serious threat to any Drupal-based website. Upon discovering the vulnerability, Drupal's security team quickly released a security advisory and patch to address the issue. They recommended that all Drupal site administrators apply the patch as soon as possible, and also advised them to review their access controls to limit the number of users who have permission to upload files. While there were no reports of exploitation in the wild prior to the release of the patch, it is always important to take proactive measures to protect against such vulnerabilities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2018-15505 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CISA
a year ago
Hitachi Energy MSM | CISA