HOW CAN WE HELP YOU TODAY?

1
Knowledgebase: Announcements
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
Posted by Jaison N on 27 April 2018 02:09 PM

Dear Customer,

 

Greetings from Bigrock India!

 

This is to inform you regarding the recent Security advisory released by Drupal.  A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.



Solution:

 

Upgrade to the most recent version of Drupal 7 or 8 core.

 

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.

 

If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:

 

These patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)

 

Refer the link given below to update Drupal.

 

---

Drupal 7: https://www.drupal.org/docs/7/update/core-option-3

Drupal 8: https://www.drupal.org/docs/8/update

---

 

To know more about this vulnerability, please refer here.

 

Note: Kindly ignore the mail, if you are not using Drupal application in your domains.

 

Please contact our Support team if you have any concerns.

 

Regards,

Brand Team