Recently, the Vietnam Computer Emergency Response Team (VNCERT) issued a warning in Official Dispatch No. 109/VNCERT-KTHT&GS regarding the security vulnerability in the Drupal content management system.
VNCERT urges organizations to promptly check and thoroughly detect websites using Drupal and be cautious of the following two security vulnerabilities:
Remote Code Execution:
- International vulnerability code: CVE-2018-7600 or SA-CORE-2018-002;
- Severity level: Serious;
- Impact: This vulnerability allows hackers to remotely execute unauthorized commands, upload unauthorized files, modify interfaces, etc. Currently, some hackers have exploited this vulnerability for cryptocurrency mining purposes.
Cross Site Scripting - XSS:
- International vulnerability code: SA-CORE-2018-003;
- Severity level: High;
- Impact: This vulnerability allows hackers to execute XSS attacks through CKEditor when using the Image2 plugin.
For more information on how to handle these two vulnerabilities, please refer to Official Dispatch No. 109/VNCERT-KTHT&GS dated April 23, 2018.
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |