

On March 28th, Drupal released a security update that fixes a critical remote code execution vulnerability nicknamed Drupalgeddon 2.0. Detectify scans your site for this vulnerability and will alert you if you are running a vulnerable version of Drupal.
The issue (CVE-2018-7600) is a remote code execution vulnerability that allows attackers to take over a Drupal site, accessing all non-public data as well as being able to modify or delete it. The vulnerability can be exploited by simply accessing a URL, which is why it has been assigned a high severity score.
Sites running Drupal versions 8, 7, and 6 (note that Drupal 6 is no longer supported) are all at risk. According to an FAQ post written by the Drupal security team, this adds up to over one million sites.
Immediately upgrade to the most recent version of Drupal core. If you are running 7.x, the latest release is 7.58, and if you are running 8.5.x, you should upgrade to 8.5.1.
The Drupal security team has confirmed that exploits for this vulnerability have been developed and that evidence of automated attack attempts emerged last week. This is why we recommend that you inspect your logs for signs of malicious activity.
If you are unable to install the latest version of Drupal straightaway, you can use the patches suggested in the security advisory to temporarily fix the vulnerability until you can upgrade your installation.
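The upgrade guidance above can be turned into a quick inventory check. The following is an added example, not code from Detectify or the Drupal project: it compares Drupal core version strings against the fixed releases named in this post (7.58 and 8.5.1). The hostnames, the inventory and the function names are constructed for illustration; branches for which the post names no fixed release are reported as `check-advisory`.

```python
import re

# Fixed releases named in the post: 7.58 for 7.x and 8.5.1 for 8.5.x.
FIXED = {(7,): (7, 58), (8, 5): (8, 5, 1)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?$")


def parse(version):
    """Split a core version such as '7.57' or '8.5.1-dev' into (numbers, is_prerelease)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Drupal version: {version!r}")
    numbers = tuple(int(g) for g in m.group(1, 2, 3) if g is not None)
    return numbers, m.group(4) is not None


def classify(version):
    """Return 'patched', 'vulnerable', 'unsupported', 'check-advisory' or 'unknown'."""
    try:
        numbers, prerelease = parse(version)
    except ValueError:
        return "unknown"
    if numbers[0] == 6:
        return "unsupported"  # affected, and Drupal 6 is no longer supported
    branch = numbers[:1] if numbers[0] == 7 else numbers[:2]
    fixed = FIXED.get(branch)
    if fixed is None:
        return "check-advisory"  # the post names no fixed release for this branch
    # A -dev/-rc build carrying the fixed number predates the release itself.
    if numbers > fixed or (numbers == fixed and not prerelease):
        return "patched"
    return "vulnerable"


def triage(inventory):
    """Group site names by status so the vulnerable ones can be upgraded first."""
    report = {}
    for site, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(site)
    return report


# Constructed inventory: hostnames and versions are sample data.
INVENTORY = {"shop.example": "7.57", "blog.example": "7.58", "intranet.example": "8.5.0",
             "docs.example": "8.5.1", "staging.example": "8.5.1-dev",
             "legacy.example": "6.38", "wiki.example": "8.4.5"}

if __name__ == "__main__":
    for status, sites in triage(INVENTORY).items():
        print(f"{status}: {', '.join(sites)}")
```

Sites reported as `vulnerable` or `unsupported` are the ones whose logs deserve the closest inspection.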
Drupal Public Service Announcement
Drupal Security Advisory
Drupalgeddon 2.0 FAQ
