Security News > 2018 > April > Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners

Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners
2018-04-18 10:03

The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2 that could allow attackers to completely take over vulnerable websites has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners. Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/MD2BV_vaXf8/drupal-cryptocurrency-hacking.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 15 0 66 45 14 125