Published: 06/08/2018 Updated: 04/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Drupal core 8 prior to 8.3.4 allows remote malicious users to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明：目前来看，本项目会进行长期维护，有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz Discuz_＜34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_carbuyaction_存储型XSS DedeCMS_v57_友情链接CSRF_GetSh

部分cms的exp

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明：目前来看，本项目会进行长期维护，有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 ThinkPHP ThinkPHP_323-5010_缓存函数设计缺陷 Discuz Discuz_＜34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_car

CWE-19 https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple http://www.securitytracker.com/id/1038781 http://www.securityfocus.com/bid/99211 https://nvd.nist.gov https://github.com/copperfieldd/CMS-Hunter https://github.com/binfed/cms-exp

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6920

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect