A highly critical flaw has been discovered in Drupal’s CMS platform. The vulnerability could allow remote code execution and affects Drupal 7 and Drupal 8 core.
The security hole, tracked as CVE-2018-7602[1], is a remote code execution vulnerability that allows attackers to take control of the entire victim website.
Drupal has issued an advisory at https://www.drupal.org/sa-core-2018-004. Wapack Labs has seen how attackers developed automated exploits, leveraging the Drupalgeddon2 vulnerability, to inject cryptocurrency miners, backdoors, and other malware into victim websites. This happened within a few hours after its warning went public.
Besides these two flaws, the team also patched a moderately critical cross-site scripting (XSS) vulnerability last week, which could have allowed remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Since the previously disclosed vulnerability[2] received much attention, the company has urged all of its users to update and install the latest patches. This is important.
Mitigation and Recommendations:
- If you are running 7.x, upgrade to Drupal 7.59.
- If you are running 8.5.x, upgrade to Drupal 8.5.3.
- If you are running 8.4.x, which is no longer supported, you first need to update your site to the 8.4.8 release and then install the latest 8.5.3 release as soon as possible.
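For teams that manage more than one site, the upgrade rules above can be applied to a version inventory. The following is an added example, not code from Wapack Labs or the Drupal project; the hostnames and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed releases named in the recommendations above.
FIXED_7 = (7, 59)
FIXED_85 = (8, 5, 3)
INTERIM_84 = (8, 4, 8)

def parse_version(text):
    """Turn '7.58' or '8.5.1' into a tuple of ints; None for anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)

def triage(version_text):
    """Return (status, action) for one Drupal core version string."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", "version string not recognized; check manually")
    if v[0] == 7 and len(v) == 2:
        if v >= FIXED_7:
            return ("patched", "at or above 7.59")
        return ("vulnerable", "upgrade to 7.59")
    if v[:2] == (8, 5) and len(v) == 3:
        if v >= FIXED_85:
            return ("patched", "at or above 8.5.3")
        return ("vulnerable", "upgrade to 8.5.3")
    if v[:2] == (8, 4) and len(v) == 3:
        # 8.4.x is unsupported: 8.4.8 is only a stepping stone to 8.5.3.
        if v >= INTERIM_84:
            return ("interim", "install 8.5.3 as soon as possible")
        return ("vulnerable", "update to 8.4.8, then install 8.5.3")
    return ("unknown", "branch not covered above; consult the Drupal advisory")

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "www.example.org": "7.58",
    "shop.example.org": "8.5.3",
    "intranet.example.org": "8.4.5",
    "legacy.example.org": "8.3.9",
}

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:24} {status:11} {action}")
```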
If you are interested in more information on this subject, please contact us at feedback@wapacklabs.com
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602
[2] Wapack Labs report: TR-18-089-001, dtd 30 March 2018