{"id":21653,"date":"2018-04-05T18:16:54","date_gmt":"2018-04-05T12:46:54","guid":{"rendered":"https:\/\/blog.resellerclub.com\/?p=21653"},"modified":"2026-02-13T10:38:42","modified_gmt":"2026-02-13T10:38:42","slug":"drupal-fixes-flaw-that-allows-hackers-to-take-over-sites","status":"publish","type":"post","link":"https:\/\/www.resellerclub.com\/blog\/drupal-fixes-flaw-that-allows-hackers-to-take-over-sites\/","title":{"rendered":"Drupal Fixes Flaw That Allows Hackers to Take Over Sites"},"content":{"rendered":"

This post aims to throw light on the recent flaws discovered in Drupal that exposed it to hackers. The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. This means that Drupal site owners should <\/span>immediately <\/b>update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they\u2019re running. <\/span><\/p>\n

The Drupal team<\/span> pre-announced<\/span><\/a> the recent patches last week when it said “exploits might be developed within hours or days” after the disclosure. This security flaw is indeed a severe one, with the Drupal team assigning it a severity score of 21 (on a scale of 1 to 25).<\/span><\/p>\n

Drupal affected by unauthenticated RCE flaw<\/b><\/p>\n

The bug \u2014tracked under the<\/span> CVE-2018-7600<\/span><\/a> identifier\u2014 allows an attacker to run any code he desires against the CMS’ core component, effectively taking over the site.<\/span><\/p>\n

The attacker doesn’t need to be registered or authenticated on the targeted site, and all the attacker needs to do is access the URL.<\/span><\/p>\n

Drupalgeddon2<\/b><\/p>\n

The Drupal community has already nicknamed this bug as Drupalgeddon2 after the Drupalgeddon security bug (<\/span>CVE-2014-3704<\/span><\/a>, SQL injection, severity 25\/25) disclosed in 2014 that led to numerous Drupal sites getting hacked for years afterward.<\/span><\/p>\n

The Drupal team says it was not aware of any attacks exploiting the flaw when they published their<\/span> security alert<\/span><\/a>, but everyone from the official Drupal team to independent security researchers expect this vulnerability to enter active exploitation within hours or days. Patching should not be ignored.<\/span><\/p>\n

EOLed Drupal 6 also affected<\/b><\/p>\n

Besides fixes for Drupal’s two main branches \u20147.x and 8.x\u2014 the Drupal team announced patches for the ancient 6.x branch that was discontinued in February 2016.<\/span><\/p>\n

Web firewall products are expected to receive updates in the following days to handle exploitation attempts.<\/span><\/p>\n

What Drupal site owners can do<\/b><\/p>\n

Drupal developers recommend patching first, but if this isn’t possible, apply mitigation solutions such as temporarily replacing a Drupal site with a static HTML page, so the vulnerable Drupal site would not serve the vulnerable URLs to visitors.<\/span><\/p>\n

In addition, it is highly recommended that all staging and in-dev Drupal installations should be updated or taken down completely until the patch can be applied.<\/span><\/p>\n

For more information on this, head over to <\/span>https:\/\/www.drupal.org\/security<\/span><\/a><\/p>\n

Reseller Club Hosting Services<\/h2>\n

Reseller Hosting<\/a> | Windows Reseller Hosting<\/a> | Cloud Hosting<\/a> | VPS Hosting<\/a> | Managed VPS Hosting<\/a> | Dedicated Server Hosting<\/a> | Windows Dedicated Server<\/a> | Managed Dedicated Server<\/a> | Linux Shared Hosting<\/a> | Windows Shared Hosting<\/a><\/p>\n

\n\t\t\t
\n\t\t\t <\/div><\/div>\n\t\t