A Drupal core vulnerability has been announced. Identified as SA-CORE-2018-004, it allows a remote attacker to execute code on a Drupal website through several attack vectors. Sites are advised to upgrade to the latest versions of Drupal 7 or 8. Although no attacks leveraging this vulnerability have been observed so far, updating promptly is crucial.
What is a Remote Code Execution Vulnerability?
A remote code execution vulnerability is a security flaw that enables an attacker to execute code on a website. By doing so, the attacker could potentially gain access to the website, its server, and/or database.
Where Can a Patch be Downloaded?
Drupal has released updated versions on its website. However, these updates are only effective if you have already applied the fix for SA-CORE-2018-002, the vulnerability disclosed two weeks prior.
Recommended Steps from Drupal:
- If using version 7.x, upgrade to Drupal 7.59.
- If using version 8.5.x, upgrade to Drupal 8.5.3.
- If using version 8.4.x, which is no longer supported, upgrade to Drupal 8.4.8 immediately, and then to 8.5.3 or the latest secure release as soon as possible.
If you cannot update immediately, or if your distribution does not yet include this security release, apply the patch as a temporary mitigation until you can upgrade.
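An added example, not code from Drupal or from this article, that turns the upgrade list above into a check: it pulls the VERSION string out of a core file's contents and reports which of the listed releases a site still needs. The file locations and constant names (includes/bootstrap.inc for Drupal 7, core/lib/Drupal.php for Drupal 8) are assumptions about Drupal's core layout, and the sample input is constructed.

```python
import re
from typing import Optional, Tuple
# Fixed releases named in the SA-CORE-2018-004 advisory, keyed by branch.
FIXED_7 = (7, 59)
FIXED_8_4 = (8, 4, 8)   # unsupported branch: interim fix only, then move to 8.5.3
FIXED_8_5 = (8, 5, 3)

# Where core stores its version string (assumed from Drupal's core layout):
# Drupal 7 in includes/bootstrap.inc, Drupal 8 in core/lib/Drupal.php.
VERSION_PATTERNS = [
    re.compile(r"define\('VERSION',\s*'([^']+)'\)"),   # Drupal 7 style
    re.compile(r"const VERSION\s*=\s*'([^']+)'"),        # Drupal 8 style
]

def extract_version(source: str) -> Optional[str]:
    """Pull the VERSION string out of the file contents, or None if absent."""
    for pattern in VERSION_PATTERNS:
        match = pattern.search(source)
        if match:
            return match.group(1)
    return None

def parse_version(version: str) -> Tuple[int, ...]:
    """'8.5.3' -> (8, 5, 3); '-dev' style suffixes are dropped, 'x' parts count as 0."""
    core = version.split("-")[0]
    return tuple(int(p) if p.isdigit() else 0 for p in core.split("."))

def assess(version: str) -> str:
    """Return the action the advisory calls for on the given core version."""
    v = parse_version(version)
    if v[0] == 7:
        return "patched" if v >= FIXED_7 else "upgrade to 7.59"
    if v[0] != 8:
        return "major version not covered by the advisory"
    if v[:2] == (8, 5):
        return "patched" if v >= FIXED_8_5 else "upgrade to 8.5.3"
    if v[:2] == (8, 4):
        if v >= FIXED_8_4:
            return "interim fix applied; unsupported branch, move to 8.5.3"
        return "upgrade to 8.4.8 now, then to 8.5.3"
    if v[:2] > (8, 5):
        return "newer than the advisory's fixed releases; check a current advisory"
    return "branch without a fixed release in the advisory; upgrade to 8.5.3"

if __name__ == "__main__":
    # Constructed sample: the relevant line from a Drupal 8 core/lib/Drupal.php.
    sample = "  const VERSION = '8.5.1';\n"
    found = extract_version(sample)
    print(found, "->", assess(found) if found else "no version string found")
```

Run it against the actual file contents on a site to get the advisory's recommended action; a reported version is only as trustworthy as the file it came from, so confirm with the package manager or deployment record where one exists.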
What if You Don’t Have the SA-CORE-2018-002 Patch?
According to Drupal's announcements, sites might already be affected: automated attacks against Drupal 7 and 8 websites using the SA-CORE-2018-002 vulnerability are now known, which raises the risk score of this issue. Sites not patched by April 11, 2018, might already be compromised.
For more details about the SA-CORE-2018-004 vulnerability, refer to recent security updates.