TTCSIRT-105.040318: TT-CSIRT Advisory – Drupal Security Updates
Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially could allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised.
In addition, depending on the privileges associated with the user, an attacker could exploit this vulnerability and install programs; view, change or delete data or even create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|Further information on this vulnerability and how it can be mitigated can be found on the Drupal Website at https://www.drupal.org/sa-core-2018-002