While analyzing the security of Drupal, security researcher Jasper Mattsson discovered a remote code execution vulnerability that impacts all versions of the open source content management system. The vulnerability, CVE-2018-7600, which was assigned a score of 21/25, can be exploited by accessing a page on a targeted Drupal website. Once successfully exploited, it gives the attacker full control over a site, including access to non-public data and the ability to delete or modify system data.
Although this vulnerability affects over one million websites, it has been patched with the following releases:
Workarounds are available, but all require drastic changes to the current website, temporarily replacing the Drupal page with a static HTML page. Users are urged to upgrade their installations to the latest versions as soon as possible.