CVE-2019-6340

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. Vendor/Product: Drupal Core. Added to CISA KEV 2022-03-25; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2019-6340