Many old Drupal 7 and 8 websites with vulnerabilities are still in use today

According to this article: Feds list the top 30 most-exploited vulnerabilities. Many are years old, older version of Drupal 7 and 8 is in the top 12 of list of softwares that are still being exploited by hackers. 

This came as a surprise as i always thought most people or businesses keep their site up to date since security is a top priority.

Drupal with the flaw are version 7.57 and 8.5. The vulnerability is Remote Code Execution (CVE-2018-7600). A patch to fix this was released back in 28th March 2018.

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

I urge anyone still running any older version of Drupal to update now to latest version which are 7.82 and 8.9.17 (as of today).

How to update your site? please read this documentation

If you do not know how to update your Drupal site, it is worth spending little investment to hire a Drupal developer or Drupal company to get the job done. I also offer Drupal services so contact me if you need help.


The content of this field is kept private and will not be shown publicly.
Your email address will be kept private and will not be shown publicly.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.