Security Alerts

Critical Vulnerability Exposes Drupal Websites

While analyzing the security of Drupal, security researcher Jasper Mattsson discovered a remote code execution vulnerability that impacts all versions of the open source content management system. The vulnerability, CVE-2018-7600, which was assigned a score of 21/25, can be exploited by accessing a page on a targeted Drupal website. Once successfully exploited, it gives the attacker full control over a site, including access to non-public data and the possibility to delete or modify system data.

Although this vulnerability affects over one million websites, it has been patched with the following releases:

Drupal 7.58
Drupal 8.5.1
Drupal 8.3.9
Drupal 8.4.6

Workarounds are available, but all require drastic changes to the current website which temporarily replaces the Drupal page with a static HTML page. Users are urged to upgrade their installations to the latest versions as soon as possible.

Have you registered for our next event?

View Upcoming Events

Critical Vulnerability Exposes Drupal Websites

Have you registered for our next event?

Subscribe to monthly newsletter

Nuspire Cybersecurity Experience

SERVICES

INDUSTRIES

Contact Us

RESOURCES

MyNuspire

Terms of Use