Drupal Team Acknowledges Serious Vulnerability In CMS Drupal 


ThreatNix reports that the Drupal team publicly acknowledged a severe vulnerability in the open-source CMS Drupal in March, releasing a patch to address it at the same time. The vulnerability stems from insecure handling of user input received through Form API AJAX requests and allows unauthenticated remote code execution on an affected website; it can be leveraged to take over the site completely.

After Check Point and Dofinity published the technical details of the vulnerability, a Russian security researcher released a proof-of-concept (POC) exploit for it. Following the public release of the exploit, researchers from Sucuri, Imperva, and the SANS Internet Storm Center observed automated attempts to exploit the weakness, dubbed Drupalgeddon2, originating from hundreds of sources. Numerous exploitation attempts against the more than one million websites built on Drupal have been identified over the past couple of days.

According to ThreatNix, this vulnerability, which affects Drupal versions 6 to 8, is being used to compromise sites and embed crypto miners in them. The exploit has further boosted the injection of crypto miners through website takeovers, which has been a trend among malicious actors for quite some time.

Drupal is a free and open-source content management framework written in PHP and distributed under the GNU General Public License. Drupal provides the back-end framework for at least 2.3% of all websites worldwide, ranging from personal blogs to corporate, political, and government sites. It is also used for knowledge management and business collaboration.

As of January 2018, the Drupal community is composed of more than 1.3 million members, including 109,800 users actively contributing, resulting in more than 39,500 free modules that extend and customize Drupal functionality, over 2,570 free themes that change the look and feel of Drupal, and at least 1,200 free distributions that allow users to quickly and easily set up an elaborate, use-specific Drupal in fewer steps.

Website administrators should immediately upgrade to Drupal 7.58 or Drupal 8.5.1 to remove the vulnerability. Drupal 6 is also affected; although it is no longer supported, a patch was still provided to address the weakness in that version.
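As an added, illustrative check (not code from the article or from the Drupal project): a small script that reads the version constant from a Drupal checkout and compares it with the fixed releases named above. It assumes the standard file locations of the version constant for each major release, and it knows only the two fixed versions the article names, so older 8.x minor branches are reported as "review" rather than classified.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Fixed releases named in the article. Older 8.x minor branches received
# separate backport releases that are not listed here, so they are flagged
# for manual review instead of being classified.
FIXED = {7: (7, 58), 8: (8, 5, 1)}

# Assumed standard locations of the version constant per major release.
VERSION_FILES = {
    "core/lib/Drupal.php": r"const\s+VERSION\s*=\s*'([\d.]+)'",            # Drupal 8
    "includes/bootstrap.inc": r"define\('VERSION',\s*'([\d.]+)'\)",        # Drupal 7
    "modules/system/system.module": r"define\('VERSION',\s*'([\d.]+)'\)",  # Drupal 6
}


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the dotted version from the contents of a Drupal version file."""
    for pattern in VERSION_FILES.values():
        match = re.search(pattern, text)
        if match:
            return tuple(int(part) for part in match.group(1).split("."))
    return None


def assess(version: Tuple[int, ...]) -> str:
    """Return 'patched', 'vulnerable' or 'review' for a parsed version tuple."""
    major = version[0]
    if major == 6:
        # End-of-life branch: the article notes a patch exists, but there is
        # no supported fixed version number to compare against.
        return "review"
    if major == 8 and version[:2] < (8, 5):
        return "review"  # backport releases for 8.3/8.4 are not tracked here
    fixed = FIXED.get(major)
    if fixed is None:
        return "review"
    return "patched" if version >= fixed else "vulnerable"


def check_text(text: str) -> Tuple[str, str]:
    """Assess a version file's contents; ('unknown', 'review') if unparsable."""
    version = parse_version(text)
    if version is None:
        return ("unknown", "review")
    return (".".join(str(p) for p in version), assess(version))


def check_site(root: Path) -> Tuple[str, str]:
    """Locate the version file under a Drupal docroot and assess it."""
    for relative in VERSION_FILES:
        candidate = root / relative
        if candidate.is_file():
            return check_text(candidate.read_text(errors="replace"))
    return ("unknown", "review")
```

Run `check_site(Path("/var/www/drupal"))` against a docroot; a "vulnerable" or "review" result means the upgrade in the paragraph above is still outstanding.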

Many reputable IT professionals have publicly warned about the issue. Unsurprisingly, they have asked people to update Drupal to the patched version immediately and to consider themselves hacked if they do not do so quickly.
