CVE-2019-6340 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2019-6340

Drupal | CoreAdded 2022-03-25Remediation Deadline 2022-04-15

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-502

References

https://nvd.nist.gov/vuln/detail/CVE-2019-6340