Drupal Vulnerability – Drupalgeddon2 ( CVE-2018-7600 )

If you are using Drupal on your website please read on…

The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over the site just by accessing a URL. We highly recommend that Drupal site owners immediately update your sites to Drupal 7.58 or Drupal 8.5.1, depending on the version you’re running. If you are unsure how to do so, please contact our Support team.

The Drupal team pre-announced the recent patches last week when it said “exploits might be developed within hours or days” after the disclosure.

This new Drupal Vulnerability allows an attacker to run any code he desires against the Drupal CMS’ core component, effectively taking over the site. The attacker doesn’t need to be registered or authenticated on the targeted site, and all the attacker needs to do is access the URL.

A nickname for this Drupal Vulnerability is “Drupalgeddon2”.

Drupal 6 is also affected. However, since Drupal was declared end of life (EOL) in 2016, NO patches will be issued by the Drupal Team.