Drupal Remote Code Execution (SA-CORE-2018-002)
Description
Drupal 7.x prior to 7.58 and Drupal 8.x prior to 8.5.1 (with backported fixes in 8.4.6 and 8.3.9) contain a critical remote code execution vulnerability, tracked as CVE-2018-7600, affecting multiple subsystems. The root cause is insufficient sanitization of request input: the Form API builds render arrays from user-supplied parameters, and parameter names beginning with '#' (render-array properties such as #post_render, which name PHP callables) were not stripped, so an attacker could inject them through several forms and request paths. The flaw requires no authentication and leads to arbitrary PHP execution under the web server account, i.e. complete compromise of the Drupal installation. Known as Drupalgeddon 2, it is easy to exploit and was under mass exploitation within weeks of the March 28, 2018 advisory.
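As an added illustration (not Drupal's own code): the fixed releases introduce a request sanitizer that removes any GET, POST, cookie or request key beginning with '#' before the Form API can see it. The Python below mirrors that behaviour on a PHP-style nested query string. The query string, the helper names and the whitelist parameter (standing in for the sanitize_input_whitelist setting) are constructed for this example.

```python
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl

# Added illustration, not Drupal's own code. The SA-CORE-2018-002 releases add a
# request sanitizer that removes any request key beginning with '#' before the
# request reaches the Form API, because '#'-prefixed keys are render-array
# properties (for example #post_render) that name PHP callables. The code below
# mirrors that behaviour on a PHP-style nested query string.


def parse_php_query(query: str) -> Dict:
    """Parse 'a[b][]=1&c=2' into {'a': {'b': {'0': '1'}}, 'c': '2'}, as PHP does."""
    result: Dict = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        parts = raw_key.replace("]", "").split("[")  # 'a[b][]' -> ['a', 'b', '']
        node = result
        for i, part in enumerate(parts):
            if part == "":                      # '[]' appends at the next index
                part = str(len(node))
            if i == len(parts) - 1:
                node[part] = value
            else:
                if not isinstance(node.get(part), dict):
                    node[part] = {}
                node = node[part]
    return result


def sanitize(params: Dict, whitelist: frozenset = frozenset()) -> Tuple[Dict, List[str]]:
    """Return a copy of params without '#'-prefixed keys, plus the key paths removed.

    `whitelist` stands in for the sanitize_input_whitelist setting: keys listed
    there are kept even though they start with '#'.
    """
    removed: List[str] = []

    def walk(node: Dict, path: str) -> Dict:
        clean: Dict = {}
        for key, value in node.items():
            key_path = f"{path}[{key}]" if path else key
            if key.startswith("#") and key not in whitelist:
                removed.append(key_path)       # the real sanitizer can log these
                continue
            clean[key] = walk(value, key_path) if isinstance(value, dict) else value
        return clean

    return walk(params, ""), removed


# Constructed request: a form field whose nested keys are render-array
# properties, URL-encoded on the wire ('[' = %5B, ']' = %5D, '#' = %23).
SAMPLE_QUERY = (
    "form_id=user_pass"
    "&name%5B%23post_render%5D%5B%5D=callback"
    "&name%5B%23markup%5D=value"
)


def demo() -> Tuple[Dict, Dict, List[str]]:
    parsed = parse_php_query(SAMPLE_QUERY)
    clean, removed = sanitize(parsed)
    return parsed, clean, removed


if __name__ == "__main__":
    parsed, clean, removed = demo()
    print("as parsed:", parsed)
    print("sanitized:", clean)
    print("removed:  ", removed)
```

Before the fix, the nested '#post_render' and '#markup' keys survived parsing and were merged into the render array of the form field; after it, they are dropped (and, with logging enabled, reported) before any form processing runs, which is why the patch closes every vector at once rather than fixing individual forms.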
Remediation
Immediately upgrade to a patched version of Drupal core:
For Drupal 7.x users:
1. Backup your database and files
2. Upgrade to Drupal 7.58 or later following the official upgrade guide
3. Clear all caches after upgrading (drush cc all, or the Performance page in the administration UI)
For Drupal 8.x users:
1. Backup your database and files
2. Upgrade to Drupal 8.5.1 or later using Composer or the official upgrade process; sites that cannot move to 8.5 immediately should take the backported release for their branch (8.4.6 for 8.4.x, 8.3.9 for 8.3.x), and the advisory also provides patches for sites that cannot take a full release right away
3. Clear all caches after upgrading (drush cache-rebuild, or the Performance page in the administration UI)
Post-upgrade actions:
- Review web server access logs and Drupal's own logs (watchdog/dblog) for suspicious requests between March 28, 2018 (the advisory date) and your patch date, in particular requests carrying parameter names that begin with '#' (URL-encoded as %23), which is exactly what the fix now strips
- If compromise is suspected, perform a full security audit and consider restoring from a clean backup, i.e. one taken before March 28, 2018, then patching it before bringing it back online
- Monitor for unauthorized administrative accounts and for modified or newly added files, particularly PHP files in writable directories such as sites/default/files
Note: Upgrading removes the vulnerability but not anything an attacker already installed, so sites compromised before patching may contain backdoors (web shells, rogue accounts, PHP injected into modules or themes) that persist after the upgrade. If your site was patched any time after March 28, 2018, conduct a thorough security review rather than assuming the upgrade alone is sufficient.
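The log review step above, as an added example that is not part of the original advisory: a small triage script for combined-format web server access logs. It keeps only requests in the window between the advisory date and an assumed patch date, and flags those whose decoded path or query string has a '#' at the start of a parameter name or of a slash-separated segment, the render-array property syntax the fix strips. All log lines, the patch date and the helper names are constructed for this example.

```python
import re
from datetime import datetime, timezone
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Added example, not part of the original advisory. Scans combined-format web
# server access logs for the window between the advisory date and the date the
# site was patched, and flags requests whose decoded path or query string has a
# '#' at the start of a parameter name or slash-separated segment: the
# render-array property syntax that the fix strips from request input.
# Browsers never send URL fragments, so a '#' in that position is not normal
# traffic. POST bodies are not in access logs, so this only catches GET-based
# probes. All log lines below are constructed for the example.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# '#' that begins a parameter name ('?#', '&#', '[#') or a path segment ('/#').
HASH_KEY_RE = re.compile(r"[?&\[/]#")

ADVISORY_DATE = datetime(2018, 3, 28, tzinfo=timezone.utc)
PATCHED_AT = datetime(2018, 4, 30, tzinfo=timezone.utc)   # assumed patch date

SAMPLE_LOG = """\
203.0.113.7 - - [13/Apr/2018:02:14:09 +0000] "GET /user/password?name%5B%23post_render%5D%5B%5D=x HTTP/1.1" 200 1542
198.51.100.4 - - [13/Apr/2018:02:15:31 +0000] "GET /user/register?element_parents=account/mail/%23value&ajax_form=1 HTTP/1.1" 200 311
192.0.2.9 - - [01/Apr/2018:10:00:00 +0000] "GET /search/node?keys=C%23 HTTP/1.1" 200 900
192.0.2.10 - - [14/Apr/2018:08:00:00 +0000] "GET /node/5?page=2 HTTP/1.1" 200 4100
192.0.2.11 - - [02/May/2018:08:00:00 +0000] "GET /user/password?name%5B%23markup%5D=x HTTP/1.1" 403 100
not a log line
"""


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_suspicious(target: str) -> bool:
    # Decode twice so a double-encoded '%2523' still resolves to '#'.
    return HASH_KEY_RE.search(unquote(unquote(target))) is not None


def triage(lines, patched_at: datetime) -> List[Tuple[str, str, str, str, str]]:
    """Return (ip, timestamp, method, target, status) for suspicious in-window requests."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not (ADVISORY_DATE <= rec["ts"] <= patched_at):
            continue
        if is_suspicious(rec["target"]):
            hits.append((rec["ip"], rec["ts"].isoformat(), rec["method"],
                         rec["target"], rec["status"]))
    return hits


def run_example() -> List[Tuple[str, str, str, str, str]]:
    return triage(SAMPLE_LOG.splitlines(), PATCHED_AT)


if __name__ == "__main__":
    for hit in run_example():
        print(*hit)
```

The 'C%23' search term is deliberately included as a false-positive check: a '#' inside a value is ordinary, a '#' that opens a key or segment is not. A 200 response on a flagged request is worth treating as a possible success, since the vulnerable forms answer normally; the request after the patch date is excluded by the window but would be blocked by the sanitizer anyway.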