CVE-2019-6340 PoC — Drupal core - Highly critical - Remote Code Execution

Associated Vulnerability
Title: Drupal core - Highly critical - Remote Code Execution (CVE-2019-6340)
Description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
Description
CVE-2019-6340 Drupal 8.6.9 REST Auth Bypass examples
File Snapshot

[4.0K] /data/pocs/eee8c6a7ca08975c7d38e5dce60471a0b287ca22
├── [1.2K] create_node_via_rest.py
├── [1.0K] does_not_correspond.py
├── [1.6K] exploit.py
└── [ 856] README.rst

0 directories, 4 files