Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
Posted by Jaison N on 27 April 2018 02:09 PM
Greetings from Bigrock India!
This is to inform you regarding the recent Security advisory released by Drupal. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Upgrade to the most recent version of Drupal 7 or 8 core.
If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:
Refer the link given below to update Drupal.
Drupal 8: https://www.drupal.org/docs/8/update
To know more about this vulnerability, please refer here.
Note: Kindly ignore the mail, if you are not using Drupal application in your domains.
Please contact our Support team if you have any concerns.