Highly critical CMS bug has left over 1 million sites open to attack

The team behind the popular open-source CMS Drupal is advising admins to update their sites to ward off a nasty glitch that could leave their sites “highly compromised” by attackers, according to the organization.

The affected versions (Drupal 6, 7 and 8) of the CMS power over one million websites on the internet.

Drupal has marked the security risk as “highly critical” and warns that any visitor to the site could theoretically hack it through remote code execution due to missing input validation.

“This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,” different groups noted in a blog post.

Drupal sent out an alert last week, telling users that they’d be dropping a “very critical release” this weekend and that they should update immediately. The proclamation was unusual for Drupal and left developers on high alert for the targeted time frame of the release on Friday. Sites operating vulnerable versions of Drupal should update to Drupal 7.58 or Drupal 8.5.1 as soon as possible to avoid exploits. Drupal notes that they have yet to see any reports of exploits in the wild.

The bug’s official identifier is CVE-2018-7600, though users on social media have taken to calling it drupalgeddon2, referencing another major release from the org in 2014.
