Remote Code Execution Vulnerability in Drupal Exploited in the Wild

Just over a week after threat actors began exploiting a critical Drupal vulnerability, dubbed “Drupalgeddon2,” a separate critical vulnerability (CVE-2018-7602) in Drupal was disclosed by the Drupal CMS team on April 25 and then exploited just five hours later. Successful exploitation of this vulnerability could allow a remote threat actor to execute code and take complete control of the compromised site. Drupal Core versions prior to 7.59, 8.5.3, and 8.4.8 are affected; there are at least 2,700 Drupal-powered sites hosted in New Jersey that may be vulnerable if left unpatched. The NJCCIC recommends all Drupal site owners and administrators review the Drupal Core Security Advisory and update their sites to version 7.5.9 or 8.5.3 as soon as possible. Although Drupal 8.4.x versions are no longer supported by Drupal, version 8.4.8 was released to address the vulnerability.