Zero Day MonitorZDM

← Back to list

EST

PRE-CVEPATCHED

drupal · alternativecommerce (basket)

Critical Arbitrary PHP Code Execution in Drupal AlternativeCommerce (Basket)

72% confidence

Description

A critical vulnerability in Drupal AlternativeCommerce (Basket) allows arbitrary PHP code execution. This affects versions prior to 2.1.17.

Affected Products

Vendor	Product	Versions
drupal	alternativecommerce (basket)	< 2.1.17

Related News (1 articles)

Tier B

CCCS Canada2h ago

Drupal security advisory (AV26-518)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.1.17

PublishedMay 28, 2026

Last enriched1h ago

Tags

arbitrary code executionphpcriticalweb

Trending Score30

Source articles1

Independent1

Info Completeness6/14

Missing: cve_id, cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-9082EXPKEV

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

CRITICALCVE-2026-8495

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

NONECVE-2026-4929EXP

Simple Hierarchical Select (Drupal 7) XSS in term-derived output

MEDIUMCVE-2026-6367EXP

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

NONECVE-2026-4093EXP

Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

May 28, 2026

Patch Available

May 28, 2026

Discovered by ZDM

May 28, 2026