Security News > 2018 > April > New Drupal RCE vulnerability under active exploitation, patch ASAP!

New Drupal RCE vulnerability under active exploitation, patch ASAP!
2018-04-26 15:05

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement the update can implement standalone patches, but before doing so they have to apply the fix from SA-CORE-2018-002 … More → The post New Drupal RCE vulnerability under active exploitation, patch ASAP! appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ygbRMibdqJU/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-07-19 CVE-2018-7602 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x.
network
low complexity
drupal debian
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 135 209 504 90 16 819