Warning: Hackers have attacked several websites using Drupal

Warning: Hackers have attacked several websites using Drupal
Le Hai

Recently, the Vietnam Computer Emergency Response Team (VNCERT) issued a warning in Official Dispatch No. 109/VNCERT-KTHT&GS regarding the security vulnerability in the Drupal content management system.

VNCERT urges organizations to promptly check and thoroughly detect websites using Drupal and be cautious of the following two security vulnerabilities:

Remote Code Execution:

- International vulnerability code: CVE-2018-7600 or SA-CORE-2018-002;

- Severity level: Serious;

- Impact: This vulnerability allows hackers to remotely execute unauthorized commands, upload unauthorized files, modify interfaces, etc. Currently, some hackers have exploited this vulnerability for cryptocurrency mining purposes.

Cross Site Scripting - XSS:

- International vulnerability code: SA-CORE-2018-003;

- Severity level: High;

- Impact: This vulnerability allows hackers to execute XSS attacks through CKEditor when using the Image2 plugin.

For more information on how to handle these two vulnerabilities, please refer to Official Dispatch No. 109/VNCERT-KTHT&GS dated April 23, 2018.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE

2 lượt xem



  • Address: 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City
    Phone: (028) 7302 2286
    E-mail: info@lawnet.vn
Parent company: THU VIEN PHAP LUAT Ltd.
Editorial Director: Mr. Bui Tuong Vu - Tel. 028 3935 2079
P.702A , Centre Point, 106 Nguyen Van Troi, Ward 8, Phu Nhuan District, HCM City;