Drupal Remote Code Execution (SA-CORE-2018-004)
Description
Drupal versions 7.x and 8.x contain a critical remote code execution vulnerability affecting multiple subsystems of the content management system. This flaw, identified as SA-CORE-2018-004, allows unauthenticated or authenticated attackers to exploit various attack vectors to execute arbitrary code on the server. Successful exploitation can lead to complete compromise of the Drupal installation, including unauthorized access to sensitive data, modification of site content, and full server control.
Remediation
Immediately upgrade your Drupal installation to a patched version based on your current release branch:
For Drupal 7.x users: Upgrade to Drupal 7.59 or later
For Drupal 8.5.x users: Upgrade to Drupal 8.5.3 or later
For Drupal 8.4.x users: Upgrade to Drupal 8.4.8 or later
Upgrade Steps:
1. Back up your entire Drupal installation, including the database and all files
2. Put your site into maintenance mode to prevent user access during the upgrade
3. Download the appropriate patched version from the official Drupal website
4. Follow the official Drupal core upgrade documentation for your version
5. Test the upgraded site thoroughly in a staging environment before deploying to production
6. Review server logs for any signs of exploitation prior to patching
If immediate patching is not possible, consider temporarily restricting access to the site or implementing web application firewall (WAF) rules as a temporary mitigation measure. However, upgrading remains the only complete solution.