Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks

By Eduard Kovacs

All versions of the Drupal content management system are affected by a highly critical vulnerability that can be easily exploited to take complete control of affected websites in what may turn out to be Drupalgeddon 2.0.

While analyzing the security of Drupal, Jasper Mattsson discovered a serious remote code execution flaw that impacts versions 6, 7 and 8. This represents more than one million websites that can be hacked by a remote and unauthenticated attacker.

The security hole, tracked as CVE-2018-7600 and assigned a risk score of 21/25, can be exploited simply by accessing …read more

Via:: Security Week