Security advisories

Drupal Remote Code Execution Vulnerability Update

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

eSentire Threat Intelligence is aware of a recently disclosed vulnerability in Drupal content management software. Threat Intelligence assesses with high confidence that vulnerable systems are at immediate risk of exploitation. On April 25, 2018, Drupal published a security advisory for CVE-2018-76021 with a risk level of Highly Critical. Since publication, proof of concept code has been released and attacks have been reported.

What we’re doing about it

What you should do about it

Additional information

CVE-2018-7602 affects unpatched versions of Drupal 7.x and 8.x. The vulnerability was discovered by Drupal developers while investigating the recently disclosed Drupal vulnerability CVE-2018-7600. The two vulnerabilities are connected but both require their own set of patches. Additional information on CVE-2018-7600 can be found in the eSentire advisory from April 17, “Drupal Remote Code Execution Vulnerability” 5.

Exploitation attempts were reported approximately five hours after initial patch release on April 25, 2018. Successful exploitation of this vulnerability could result in attackers gaining complete control of the compromised website.


References:

[1] https://www.drupal.org/sa-core-2018-004

[2] https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=bb6d396609600d1169da29456ba3db59abae4b7e

[3] https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0

[4] https://www.drupal.org/sa-core-2018-002

[5] https://www.esentire.com/news-and-events/security-advisories/drupal-remote-code-execution-vulnerability/

View Most Recent Advisories