Knowledgebase: Announcements
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
Posted by on 27 April 2018 02:09 PM

Dear Customer,


Greetings from Bigrock India!


This is to inform you regarding the recent Security advisory released by Drupal.  A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.



Upgrade to the most recent version of Drupal 7 or 8 core.


  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.


If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:


These patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)


Refer the link given below to update Drupal.



Drupal 7:

Drupal 8:



To know more about this vulnerability, please refer here.


Note: Kindly ignore the mail, if you are not using Drupal application in your domains.


Please contact our Support team if you have any concerns.



Brand Team