PULSE
LIVE44signals / 24h
FEED
ransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Services
← All CVEs
CVE Watch

CVE-2019-6340

Drupal Core Remote Code Execution Vulnerability

CVSS

No CVSS

EPSS

92.0%

p100

KEV

YES

Mar 25, 2022

Exploit Today

80

0-100

Published: · Last modified:

EPSS · 30d
91.9%EPSS · 30 days92.0%
2026-06-302026-07-16
KEV catalog record

Product

Drupal / Core

Vulnerability

Drupal Core Remote Code Execution Vulnerability

Added to KEV

Mar 25, 2022

Remediate by

Apr 15, 2022

Known ransomware use

No

Summary description

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-6340

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2018-7602
99.9%
KEV80Drupal Core Remote Code Execution Vulnerability
CVE-2026-9082
99.7%
KEV80Drupal Core SQL Injection Vulnerability