CVE-2019-6340
Drupal Core Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
92.0%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
91.9%EPSS · 30 days92.0%
2026-06-302026-07-16
Product
Drupal / Core
Vulnerability
Drupal Core Remote Code Execution Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-6340