On March 28th, Drupal released a security update that fixes a critical remote code execution vulnerability nicknamed Drupalgeddon 2.0. Detectify scans your site for this vulnerability and will alert you if you are running a version of Drupal.

What can happen if I’m vulnerable?

The issue (CVE-2018-7600) is a remote code execution vulnerability that allows attackers to take over a Drupal site, accessing all non-public as well as being able to modify or delete it. The vulnerability can be exploited by simply accessing a URL, which is why it has been assigned a high severity score.

Who is affected by this vulnerability?

Sites running Drupal versions 8, 7, and 6 (note that Drupal 6 is no longer supported) are all at risk. According to an FAQ post written by the Drupal security team, this adds up to over one million sites.

What should I do if I see this finding in my Detectify report?

Immediately upgrade to the most recent version of Drupal core. If you are running 7.x, the release is 7.58, and if you are running 8.5.x, you should upgrade to 8.5.1.

The Drupal team has confirmed that exploits for this vulnerability have been developed and that evidence of automated attempts emerged last . This is why we recommend you to inspect your logs for signs of malicious activity.

If you are unable to install the latest version of Drupal straightaway, you can use the suggested in the security advisory to temporarily fix the vulnerability until you can upgrade your installation.

More information

Drupal Public Service Announcement
Drupal Security Advisory
Drupalgeddon 2.0 FAQ



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here