Yesterday, the developers of Drupal announced that versions 7.x, 8.4.x and 8.5.x this week will receive new security updates, since the critical vulnerability in CMS, known as Drupalgeddon2, could not be completely fixed by the first patches.
Release of updates scheduled for April 25 . These patches are designed to eliminate the recently disclosed critical vulnerability, which received the identifier CVE-2018-7600 and the name Drupalgeddon2.
According to the developers, the planned patches are an addition to the previously released updates that eliminated Drupalgeddon2.
In addition to this vulnerability, developers discovered one more. This vulnerability has been assigned an identification number CVE-2018-7602 , Drupal plans to eliminate This vulnerability tomorrow.
“The Drupal security team strongly recommends reserving the time to update the core version, as exploits can be ready for several hours or days,” the developers write. “We can not disclose more detailed information on the vulnerability until the relevant updates are issued.”
According to 360Netlab research, at least three cybercrime groups are actively using the recently patched gap. One of the cyberthreats involved in exploiting this hole in security is known as the Muhstik botnet.
Recall that a critical vulnerability affects all versions of the popular content management system Drupal. This hole can be used to gain full control over vulnerable sites. Experts believe that this hole in security can become as important as Drupalgeddon
It’s very important that you monitoring your website permanently for vulnerability and make sure that all website component is updated. For vulnerability diagnostic your can use our protection plugin for WP or antivirus scanner for other PHP platform.