Serious errors in Drupal CMS, but sites protected by CloudFlare are potentially secure

Since yesterday's evening hours of Polish time, the world of webmasters has been circulating about serious vulnerabilities in the Drupal CMS (known as CMF). The CVE-2018-7600 vulnerability has been fixed so that the attacker could run arbitrary code on the server without special permissions - the attacker in the default installation did not need to authenticate. The vulnerability was determined by the Drupal engine security team as highly critical. The error received 21 points out of 25 possible.

CVE-2018-7600 susceptibility is referred to as Drupalgeddon2 (the first Drupalgeddon occurred in 2014 with the magnitude of the severity of threat 25/25 points according to Drupal counting indicators ).

Due to the seriousness of the threat, no technical details were provided. The exploitation of the vulnerability was so simple that the attacker did not need to authenticate on the site as a logged-in user, let alone an administrator. It was enough to have access to the browser and the bar with the URL. By modifying the URL, it was possible to delete or modify the data.

So far, no public exploit has been developed yet, although it is not known whether manipulation of the URL would work on a different than the default configuration. If, however, your site was hacked, the Drupal team developed a guide on what to do .

However, the situation is very serious. We recommend urgent updating of the core. All core versions before 7.58 and 8.5.1 are vulnerable. These versions have been patched as soon as possible.

More details about the vulnerability, see the vulnerability site CVE-2018-7600.

Administrators of unsupported Drupal versions from lines 6.X and 5.X can read the topic on Reddit and the patch .

Websites protected by the CloudFlare web-based firewall are potentially secure . WAF CloudFlare is not available in the free version of the CDN network service.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.