CVE-2018-7600
a vulnerability was found in drupal up to 7.57/8.3.8/8.4.5/8.5.0 (Content Management System). It has been classified as critical. This affects an unknown code block. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability.
exploit (drupalgeddon)
I found this exploit online that works well