1 min read

Mitigation Instructions for CVE-2018-7602

SUBJECT: CVE-2018-7602 Drupal Core Remote Code Execution Vulnerability

TECH STACK: Drupal 7.x and 8.x

DATE(S) ISSUED: 07/19/2018



CVE-2018-7602 is a vulnerability in Drupal, an open-source content management system (CMS) software. The vulnerability could allow an attacker to execute arbitrary code on a Drupal site, potentially allowing them to take complete control of the site and its associated data.

The vulnerability is caused by a flaw in the way that Drupal processes certain types of data, specifically form input. An attacker could exploit this flaw by creating a specially crafted form that, when submitted to a Drupal site, could execute arbitrary code on the server. The vulnerability affects Drupal versions 7.x and 8.x.



CISA has added CVE-2020-13671 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise. 



Base Score: 9.8 CRITICAL

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


The patch for CVE-2018-7602 was released by Drupal on April 25, 2018. It is included in the latest versions of Drupal 7.x and 8.x. To apply the patch, you will need to upgrade your Drupal site to the latest version of the software.

You can download the latest version of Drupal from the Drupal website:


To install the software, follow the instructions provided on the website. It is important to apply the patch as soon as possible to protect your Drupal site from potential attacks. It is also recommended to regularly check for and install the latest security updates to ensure that your Drupal site is protected from the latest threats.



Mitigation Instructions for CVE-2020-2021

SUBJECT:CVE-2020-2021: Improper Verification of Signatures in PAN-OS SAML Authentication

Read More

Mitigation Instructions for CVE-2019-1579

SUBJECT:CVE-2019-1579  Remote Code Execution in PAN-OS GlobalProtect Interface

Read More

Mitigation Instructions for CVE-2021-27065

SUBJECT:CVE-2021-27065 Microsoft Exchange Server Remote Code Execution Vulnerability (HAFNIUM Exploited)

Read More