On March 28th, the Drupal security team announced a highly critical vulnerability known as, drupalgeddon2, in the Drupal core. The Drupal CMS is the second most popular content management system and over a million sites were affected at the point of announcement.
The remote code execution vulnerability, tracked as CVE-2018-7600, affects Drupal 7 and 8 core. The vulnerability allows for any visitor to the sites running on those versions to potentially hack it through remote code execution due to a missing input validation. This “allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised”, as mentioned in a blog update from the Drupal security team.
If you are a Vodien customer on Drupal, you need not worry as all of our shared servers are protected against this bug with our A.I. Sentry. A.I. Sentry is powered by Imunify360 and other security integrations which provides total protection against attacks including remote exploitation. Proactive security measures are one of the many benefits you get as a Vodien customer, so you can have a peace of mind whenever new vulnerabilities arise.
For others who are not our customer and on Drupal, please read the solutions provided by the Drupal team:
Update to the latest version of Drupal 7 or 8 core:
– If you are running 7.x, upgrade to Drupal 7.58.
– If you are running 8.5.x, upgrade to Drupal 8.5.1.
– Patches are available for 8.3.x and 8.2.x versions
– Versions older than 8.2.x have to update to a later version and update accordingly