In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
PoC: CVE-2019-6340
Drupal8's REST RCE, SA-CORE-2019-003, CVE-2019-6340
PoC: CVE-2019-6340
Environment for CVE-2019-6340 (Drupal)
PoC: Drupal-SA-CORE-2019-003
CVE-2019-6340-Drupal SA-CORE-2019-003
PoC: CVE-2019-6340
CVE-2019-6340 POC Drupal rce
PoC: Apasys-CVE-2019-6340
Drupal RCE CVE Python Exploit
PoC: CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass
CVE-2019-6340 Drupal 8.6.9 REST Auth Bypass examples
PoC: cve-2019-6340
cve-2019-6340
PoC: Drupal_REST-RCE_Unauthenticated
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.
PoC: CVE-2019-6340
Drupal Drupal 8.6.x RCE Exploit
PoC: cve-2019-6340-bits
Bits generated while analyzing CVE-2019-6340 Drupal RESTful RCE
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free