Drupal Remote Code Execution (SA-CORE-2018-002)

  • A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
  • Upgrade to the most recent version of Drupal 7 or 8 core.

    If you are running 7.x, upgrade to Drupal 7.58.
    If you are running 8.5.x, upgrade to Drupal 8.5.1.