Warning: Hackers have attacked several websites using Drupal

Lê Hải

08:36, 24/04/2018

Recently, the Vietnam Computer Emergency Response Team (VNCERT) issued a warning in Official Dispatch No. 109/VNCERT-KTHT&GS regarding the security vulnerability in the Drupal content management system.

VNCERT urges organizations to promptly check and thoroughly detect websites using Drupal and be cautious of the following two security vulnerabilities:

Remote Code Execution:

- International vulnerability code: CVE-2018-7600 or SA-CORE-2018-002;

- Severity level: Serious;

- Impact: This vulnerability allows hackers to remotely execute unauthorized commands, upload unauthorized files, modify interfaces, etc. Currently, some hackers have exploited this vulnerability for cryptocurrency mining purposes.

Cross Site Scripting - XSS:

- International vulnerability code: SA-CORE-2018-003;

- Severity level: High;

- Impact: This vulnerability allows hackers to execute XSS attacks through CKEditor when using the Image2 plugin.

For more information on how to handle these two vulnerabilities, please refer to Official Dispatch No. 109/VNCERT-KTHT&GS dated April 23, 2018.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE

2 lượt xem

- The legal regulations in this article are according to Vietnamese Law;
- This English translation is for reference purposes only and not a definitive translation of the original Vietnamese texts;
- Articles may be compiled from a variety of sources;
- Applicable Terms may have expired at the time you are reading;
- If you have any questions about the copyright of the article, please contact us via email banquyen@lawnet.vn