CVE-2019-6340CISA KEV: Actively Exploited

Drupal Core Remote Code Execution Vulnerability

Published Mar 25, 2022·Updated Mar 25, 2022

Description

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Public Exploits & PoCs10 found

PoC: CVE-2019-6340

Drupal8's REST RCE, SA-CORE-2019-003, CVE-2019-6340

67

PoC: CVE-2019-6340

Environment for CVE-2019-6340 (Drupal)

43

PoC: Drupal-SA-CORE-2019-003

CVE-2019-6340-Drupal SA-CORE-2019-003

32

PoC: CVE-2019-6340

CVE-2019-6340 POC Drupal rce

15

PoC: Apasys-CVE-2019-6340

Drupal RCE CVE Python Exploit

5

PoC: CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass

CVE-2019-6340 Drupal 8.6.9 REST Auth Bypass examples

3

PoC: cve-2019-6340

cve-2019-6340

1

PoC: Drupal_REST-RCE_Unauthenticated

This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.

PoC: CVE-2019-6340

Drupal Drupal 8.6.x RCE Exploit

PoC: cve-2019-6340-bits

Bits generated while analyzing CVE-2019-6340 Drupal RESTful RCE

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free