Security News > 2018 > April > New Drupal RCE vulnerability under active exploitation, patch ASAP!
2018-04-26 15:05
Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement the update can implement standalone patches, but before doing so they have to apply the fix from SA-CORE-2018-002 … More → The post New Drupal RCE vulnerability under active exploitation, patch ASAP! appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ygbRMibdqJU/
Related news
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-19 | CVE-2018-7602 | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | 9.8 |