Security News > 2018 > April > Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

2018-04-26 12:48
Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild. Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly same what previously discovered
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/wJPpbntTGZo/drupalgeddon3-exploit-code.html
Related news
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- How cybercriminals exploit psychological triggers in social engineering attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-19 | CVE-2018-7602 | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | 9.8 |