The update plugs a hole that exposes a million websites to attacks

Content management system (CMS) platform Drupal is urging its to a for a “highly ” vulnerability that can be readily exploited by attackers to wrest control of any website built with this open-source software platform.

Based on which of the two branches (7.x or 8.5.x) they are using, Drupal website owners should rush to update to version 7.58 or 8.5.1. In addition, the team behind Drupal has put out fixes for older and no-longer supported versions. This includes versions 8.3 and 8.4, as well as Drupal 6, which reached its end-of life as far back as February 2016.

The organization behind Drupal assigned the remote-code execution vulnerability a risk score of 21/25. The flaw, designated CVE-2018-7600, makes it possible for an attacker to “exploit multiple attack vectors” against a website, which could then become “completely compromised”, according to the statement by the Drupal team.

What this means, according to the team, is that the attacker could access, delete and modify any non-public on the vulnerable website powered by Drupal. No privileges or login credentials are needed to compromise the site.

- Screenshot 2018 3 29 Drupal Security on Twitter Update now Drupal core Highly critical Remote Code Execution SA CO  - Drupal urges users to install a patch for a “highly critical” vulnerability

Drupal’s announcement of the patches on Twitter

The vulnerability was discovered by Jasper Mattsson, who works for a firm that conducts security audits for Drupal.

The organization behind Drupal gave a heads-up of the incoming updates seven days in advance, hinting at the severity of the problem. “The Drupal Security Team urges you to reserve time for core updates at that time because might be developed within hours or days,” according to the announcement last week. No such exploits or proof-of-concept code have been spotted in the wild yet, said Drupal’s team.

According to, Drupal is the third most popular CMS platform, behind WordPress and Joomla. Drupal’s team says that its CMS platform is used by more than 1 million websites.

Source link


Please enter your comment!
Please enter your name here