Drupalgeddon2 Remote Code Execution (CVE-2018-7600)

Overview

Drupalgeddon2 Remote Code Execution, tracked as CVE-2018-7600, affects vulnerable Drupal core installations. Drupal is a widely used open-source content management system, so a remotely reachable unauthenticated code execution issue in core can put public websites and their underlying servers at serious risk.

Vulnerability Overview

CVE-2018-7600, commonly known as Drupalgeddon2, is a remote code execution vulnerability in Drupal core. Drupal's advisory describes the issue as affecting multiple subsystems in Drupal 7.x and 8.x, with default or common module configurations exposed.

The vulnerability is associated with insufficient input validation in request processing paths. Because exploitation does not require authentication in affected configurations, internet-facing Drupal sites can be exposed before an attacker has any valid user account.

Impact

CVE-2018-7600 has a CVSS 3.1 score of 9.8 and is rated Critical in NVD. The score reflects network reachability, low attack complexity, no required privileges, no user interaction, and high confidentiality, integrity, and availability impact.

Successful exploitation can allow arbitrary code execution on the Drupal application server. A compromised site may expose user data, configuration secrets, content, uploaded files, and database credentials, and the server can become a foothold for persistence or movement into connected infrastructure.

CVE-2018-7600 is also listed in the CISA Known Exploited Vulnerabilities Catalog, which reflects confirmed exploitation in real environments.

Vulnerability Scope

CVE-2018-7600 affects Drupal 7.x before 7.58, Drupal 8.0.x before 8.3.9, Drupal 8.4.x before 8.4.6, and Drupal 8.5.x before 8.5.1. Drupal published the issue as SA-CORE-2018-002 and advised administrators to upgrade to the fixed releases or apply the provided patches.

The highest-risk exposure is a public Drupal site running an affected core version with default or common module configurations. Older unsupported Drupal branches can carry additional known vulnerabilities, so version posture should be reviewed beyond this single CVE.
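The version ranges above can be turned into an inventory triage check. The following is an added example, not code from Drupal or from this lab; the function names, status labels and the sample inventory are assumptions made for illustration, and the fixed-release numbers are the ones stated in this section.

```python
import re

# Accepts "7.57", "8.4.5", "8.5.0-rc1"; rejects dev snapshots such as "8.5.x-dev".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?$")

def first_fixed(major, minor):
    """First fixed release for the branch, per the ranges listed above."""
    if major == 7:
        return (7, 58)        # 7.x before 7.58
    if major == 8 and minor <= 3:
        return (8, 3, 9)      # 8.0.x through 8.3.x before 8.3.9
    if major == 8 and minor == 4:
        return (8, 4, 6)      # 8.4.x before 8.4.6
    if major == 8 and minor == 5:
        return (8, 5, 1)      # 8.5.x before 8.5.1
    return None               # branch not covered by the listed ranges

def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'review'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"       # no comparable patch level (dev build, junk)
    major, minor = int(m.group(1)), int(m.group(2))
    patch, suffix = m.group(3), m.group(4)
    fixed = first_fixed(major, minor)
    if fixed is None:
        return "not-listed"   # check separately, e.g. unsupported branches
    # Drupal 7 uses two-part versions, Drupal 8 three-part ones.
    if (major == 7) != (patch is None):
        return "review"
    parsed = (major, minor) if major == 7 else (major, minor, int(patch))
    if parsed < fixed:
        return "affected"
    # A pre-release tag on a fixed number is not a confirmed fixed release.
    return "review" if suffix else "fixed"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("intranet.example.org", "7.57"),
    ("www.example.org", "8.4.6"),
    ("shop.example.org", "8.5.0-rc1"),
    ("staging.example.org", "8.5.x-dev"),
    ("legacy.example.org", "6.38"),
]

def triage(inventory):
    """Map each host to its status for CVE-2018-7600."""
    return {host: classify(version) for host, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:24} {status}")
```

Hosts reported as "review" or "not-listed" need a manual look: the listed ranges do not decide them.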

Lab Focus

This lab focuses on understanding how a core CMS input validation flaw can become unauthenticated remote code execution. The goal is to practice recognizing high-impact public application exposure, understanding why default and common configurations matter, and evaluating the operational urgency of a widely exploited CMS vulnerability.
