Drupal - Security advisory

  Print
Dear valued customers,

With regards to the recent Security advisory released by Drupal, a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Impact
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Solution:
Upgrade to the most recent version of Drupal 7 or 8 core.
If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)

Refer the link given below to update Drupal.

---
Drupal 7: https://www.drupal.org/docs/7/update/core-option-3
Drupal 8: https://www.drupal.org/docs/8/update
---
To know more about this vulnerability, please refer https://www.drupal.org/sa-core-2018-002

Thanks & Regards,
Team Balasai.

0 out of 0 people found this article useful.

Related Articles

Self-Hosted Help Desk Software by SupportPal.

Login

 
Forgot password?
Register now

Language