Drupal.Core.Form.Rendering.Component.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in Drupal Core.
The vulnerability is due to an input validation error when parsing a crafted HTTP request. A remote attacker could exploit this, via a crafted HTTP request, to execute arbitrary code within the context of the target application.
Outbreak Alert
FortiGuard Labs’ network telemetry has observed active exploitation of known vulnerabilities in Drupal Core and the WP-Automatic WordPress plugin for initial access. Following compromise, attackers deploy multiple web shells and utilities to enable lateral movement, privilege escalation, and the installation of remote access trojans (RATs).
Affected Products
Drupal 7.x before 7.58
Drupal 8.x before 8.3.9
Drupal 8.4.x before 8.4.6
Drupal 8.5.x before 8.5.1
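Each 8.x branch listed above has its own fixed release, so a single "older than 8.5.1" comparison would wrongly flag patched 8.3.9 and 8.4.6 sites. The following is an added example, not code from FortiGuard or Drupal, that classifies installed versions against the four ranges; the function names and the host inventory are constructed for illustration.

```python
import re

# First fixed release per branch, taken from the "Affected Products" list above.
FIXED_7 = (7, 58, 0)
FIXED_8 = {3: (8, 3, 9), 4: (8, 4, 6), 5: (8, 5, 1)}
PRERELEASE = re.compile(r"-(dev|alpha|beta|rc)", re.I)

def parse(version):
    """Turn '7.57', '8.4.5' or '8.5.0-rc1' into a (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Drupal version: {version!r}")
    return tuple(int(p or 0) for p in m.groups())

def classify(version):
    """Return 'affected', 'fixed', or 'not-listed' for one version string."""
    v = parse(version)
    major, minor, _ = v
    if major == 7:
        fixed = FIXED_7
    elif major == 8 and minor <= 5:
        # "8.x before 8.3.9" covers every 8.0 to 8.3 release.
        fixed = FIXED_8[max(minor, 3)]
    else:
        # Outside the ranges this page lists; that is not a statement of safety.
        return "not-listed"
    # A pre-release build of the fixed version is treated conservatively.
    if v < fixed or (v == fixed and PRERELEASE.search(version)):
        return "affected"
    return "fixed"

def audit(inventory):
    """Return the sorted hosts whose Drupal version falls in a listed range."""
    return sorted(h for h, ver in inventory.items() if classify(ver) == "affected")

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "cms-a.example": "7.57",
    "cms-b.example": "8.4.6",
    "cms-c.example": "8.5.0-rc1",
    "cms-d.example": "8.2.7",
    "cms-e.example": "8.6.0",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the SA-CORE-2018-002 update")
```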
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://www.drupal.org/sa-core-2018-002
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) | |