Security News > 2019 > February > Hackers Actively Exploiting Latest Drupal RCE Flaw Published This Week

Hackers Actively Exploiting Latest Drupal RCE Flaw Published This Week
2019-02-26 12:48

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/K7g8FhHI_WM/drupal-hacking-exploit.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-02-21 CVE-2019-6340 Deserialization of Untrusted Data vulnerability in Drupal
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10.
network
high complexity
drupal CWE-502
8.1
8.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 15 0 66 45 14 125