Drupal CMS bug may leave a million websites compromised

Drupal has released fixes for its 7.x and 8.x versions to address vulnerabilities that could compromise a million websites powered by the affected versions.


A bug affecting some versions of Drupal, an open source content management platform, could leave over one million websites compromised.

Drupal’s team is urging admins to update their sites to remove the vulnerability, TechCrunch reported. The affected versions are Drupal 6, 7, and 8, which power over a million websites on the Internet.

Drupal’s blog post marked the risk as highly critical. “A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,” Drupal wrote in the post.

The post advises users running 7.x to upgrade to Drupal 7.58, and users running 8.5.x to upgrade to 8.5.1.

On March 21, 2018, Drupal announced in a post that a highly critical release was coming on March 28. The release and its nature left developers on tenterhooks. The release also covered versions 8.3.x and 8.4.x, which Drupal no longer supports; given the severity of the issue, fixes were provided for them as well, Drupal stated in the release.