Description
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Remediation
Upgrade to the most recent version of Drupal 7 or 8 core.
If you are running 7.x, upgrade to Drupal 7.59.
If you are running 8.5.x, upgrade to Drupal 8.5.3.
If you are running 8.4.x, upgrade to Drupal 8.4.8.
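An added example (not part of the original advisory or of Drupal itself) that audits an install against the fixed releases listed above. It assumes a stock layout in which Drupal 7 records its version in `includes/bootstrap.inc` and Drupal 8 in `core/lib/Drupal.php`; the function names and sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the Remediation section, keyed by branch.
# Drupal 7 versions have no patch component, so the branch is the major alone.
FIXED = {(7,): (7, 59), (8, 4): (8, 4, 8), (8, 5): (8, 5, 3)}

# Assumed stock locations of the core version string:
#   Drupal 7: includes/bootstrap.inc -> define('VERSION', '7.58');
#   Drupal 8: core/lib/Drupal.php    -> const VERSION = '8.5.2';
VERSION_RE = re.compile(
    r"""(?:define\(\s*['"]VERSION['"]\s*,\s*|const\s+VERSION\s*=\s*)['"]([^'"]+)['"]""")

def extract_version(php_source):
    """Return the core version string found in PHP source text, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def classify(version):
    """Map a version string to 'patched', 'upgrade', 'not-listed' or 'unknown'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(-.+)?$", version or "")
    if not m:
        return "unknown"
    nums = tuple(int(g) for g in m.group(1, 2, 3) if g is not None)
    suffix = m.group(4)          # e.g. -dev, -rc1
    branch = (7,) if nums[0] == 7 else nums[:2]
    fixed = FIXED.get(branch)
    if fixed is None:
        # The advisory names no fixed release for this branch; check it by hand.
        return "not-listed"
    if nums > fixed:
        return "patched"
    if nums == fixed:
        # Conservative: a pre-release or dev build of the fixed version
        # is not treated as the fixed release itself.
        return "upgrade" if suffix else "patched"
    return "upgrade"

def audit(php_source):
    """Extract the version from file contents and classify it."""
    version = extract_version(php_source)
    return version, classify(version)

if __name__ == "__main__":
    # Constructed sample file contents, not taken from a real site.
    samples = ["define('VERSION', '7.58');", "  const VERSION = '8.5.3';",
               "  const VERSION = '8.4.7';", "  const VERSION = '8.3.9';"]
    for src in samples:
        print(audit(src))
```

A result of `not-listed` means the branch is outside the three named in the remediation steps and needs a manual decision about which release to move to.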