2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article covers CNNVD's notification on the remote code execution vulnerability in Drupal Core.
The China National Vulnerability Database of Information Security (CNNVD) has received reports of a Drupal Core remote code execution vulnerability (CNNVD-201804-1490, CVE-2018-7602). An attacker who successfully exploits this vulnerability can execute code remotely on the target system. Several versions of Drupal, including 7.x and 8.x, are affected. Some proof-of-concept code for this vulnerability has already been made public on the Internet, and the Drupal project has issued patches to fix it. Users are advised to confirm whether they are affected and to take remedial measures as soon as possible.
I. Vulnerability overview
Drupal is a free and open source content management framework written in PHP and maintained by the Drupal community. It consists of a content management system (CMS) and a PHP development framework.
The Drupal Core remote code execution vulnerability (CNNVD-201804-1490, CVE-2018-7602) is related to the earlier Drupal Core remote code execution vulnerability (CNNVD-201803-1136, CVE-2018-7600) from March 2018. The Drupal project's fix for that earlier vulnerability was incomplete, so the patch can be bypassed to achieve remote code execution.
II. Impact
An attacker who successfully exploits this vulnerability can execute code remotely on the target system. Some proof-of-concept code for this vulnerability has already been made public on the Internet, and it is likely to be exploited in the near future. The affected versions are as follows:
Drupal 7.x and Drupal 8.x.
III. Remediation recommendations
The Drupal project has released a patch that fixes this vulnerability. Check the version of your installation promptly. If you confirm that it is affected, take the following protective measures as soon as possible.
1. Upgrade the Drupal version:
Drupal 7.x: upgrade to Drupal 7.59.
Drupal 8.4.x: upgrade to Drupal 8.4.8.
Drupal 8.5.x: upgrade to Drupal 8.5.3.
2. If you cannot upgrade immediately, apply the patch from the following addresses:
Drupal 7.x: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0
Drupal 8.x: https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=bb6d396609600d1169da29456ba3db59abae4b7e
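One way to confirm whether an installation is below the fixed releases named in this notification, as an added example that is not part of the CNNVD notification or Drupal's own code. It assumes the core version is read from `includes/bootstrap.inc` (7.x) or `core/lib/Drupal.php` (8.x); the function names and sample file contents are constructed for illustration.

```python
import re

# Fixed releases per branch, taken from the notification text.
FIXED = {(7,): (7, 59), (8, 4): (8, 4, 8), (8, 5): (8, 5, 3)}

# Assumption (Drupal source layout, not stated in the notification): core 7.x
# sets define('VERSION', ...) in includes/bootstrap.inc; core 8.x sets
# const VERSION = ... in core/lib/Drupal.php.
VERSION_PATTERNS = (
    re.compile(r"define\(\s*'VERSION'\s*,\s*'([^']+)'\s*\)"),
    re.compile(r"const\s+VERSION\s*=\s*'([^']+)'"),
)

def extract_version(php_source):
    """Pull the core version string out of bootstrap.inc or Drupal.php text."""
    for pattern in VERSION_PATTERNS:
        match = pattern.search(php_source)
        if match:
            return match.group(1)
    return None

def assess(version):
    """Return 'affected', 'fixed' or 'unknown' for a Drupal core version string."""
    match = re.fullmatch(r"(\d+(?:\.\d+){1,2})(-[0-9A-Za-z.]+)?", version or "")
    if not match:
        return "unknown"
    nums = tuple(int(part) for part in match.group(1).split("."))
    prerelease = match.group(2) is not None
    branch = nums[:1] if nums[0] == 7 else nums[:2]
    fixed = FIXED.get(branch)
    if fixed is None:
        # 8.x branches older than 8.4 are in the affected range but have no
        # fixed release listed; anything else is outside the notification's scope.
        return "affected" if nums[0] == 8 and nums[1] < 4 else "unknown"
    if nums < fixed:
        return "affected"
    # A -dev/-rc build carrying a fixed number may predate the patch commit.
    return "unknown" if prerelease else "fixed"

# Constructed sample inputs, not taken from a real site.
SAMPLES = {
    "includes/bootstrap.inc": "<?php\ndefine('VERSION', '7.58');\n",
    "core/lib/Drupal.php": "<?php\nclass Drupal {\n  const VERSION = '8.5.3';\n}\n",
}

if __name__ == "__main__":
    for path, source in SAMPLES.items():
        found = extract_version(source)
        print(f"{path}: {found} -> {assess(found)}")
```

An "unknown" result means the notification gives no fixed release for that branch or build, so the installation needs manual review against the patch addresses above.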