techwebies.com
Drupal remote code execution vulnerability exploited widely - Techwebies
Drupal has had a bad first half of 2018 regarding security. Following Drupalgeddon 2 and the botnet exploits came a smaller update. This is now followed with a critical vulnerability (SA-CORE-2018-004) that allows remote code execution. The commit showing the made patches to Drupal 8.x is available online: https://github.com/drupal/drupal/commit/e116f8d39efc8bc7ac9065007480a2f45bd734ea#diff-7bff52b3a152bd658c6b6ec3f48c13fd The flaw exists in the Drupal core package in all …