The popular CMS system Drupal has been found to contain a highly critical security vulnerability that affects Drupal versions 7 and 8. The flaw has been given the CVE-2018-7600 identifier.
Drupal developers are urging admins to patch their websites as soon as possible as unpatched sites are at high risk of remote code execution. More than one million websites may be affected by the flaw if their admins leave them vulnerable.
CVE-2018-7600 Should Be Patched Immediately
Here’s the official description of CVE-2018-7600:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
The vulnerability is rated as highly critical, and could cause severe damage to a website. A vulnerable website can be hacked via remote code execution due to a missing input validation.
Last week, Drupal started informing users that a highly critical release is going to be released in the upcoming days, urging admins to patch immediately. This announcement seemed rather unusual for the CMS platform, and developers were left highly concerned.
If you are running 7.x, upgrade to Drupal 7.58, and if you are running 8.5.x, upgrade to Drupal 8.5.1, Drupal said in their advisory.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: