Drupal Remote Code Execution (SA-CORE-2018-004)

Description
  • A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Remediation
  • Upgrade to the most recent version of Drupal 7 or 8 core.

    If you are running 7.x, upgrade to Drupal 7.59.
    If you are running 8.5.x, upgrade to Drupal 8.5.3.
    If you are running 8.4.x, upgrade to Drupal 8.4.8.
References