1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Drupal Code Injection CVE-2019-6340

Web Attack: Drupal Code Injection CVE-2019-6340

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit an arbitrary PHP code injection vulnerability in Drupal Core.

Additional Information

Drupal is a PHP-based content manager.

Drupal is prone to a remote code-execution vulnerability. Specifically, this issue occurs because it fails to properly sanitize data from non-form sources.

Note#1: This issue affects Drupal 8 sites that has RESTful Web Services (rest) module enabled and allows PATCH or POST requests.

Note#2: This issue also affects Drupal 7 sites that use RESTful Web Services or the Services module.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.


  • The following products are affected:
  • Drupal versions 8.6.x, prior to 8.6.10
  • Drupal versions 8.5.x prior 8.5.11
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube