Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit
Jun 05, 2018
Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released almost two months ago. Security researcher Troy Mursch scanned the whole Internet and found over 115,000 Drupal websites are still vulnerable to the Drupalgeddon2 flaw despite repetitive warnings. Drupalgeddon2 (CVE-2018-7600) is a highly critical remote code execution vulnerability discovered late March in Drupal CMS software (versions < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1) that could allow attackers to completely take over vulnerable websites. For those unaware, Drupalgeddon2 allows an unauthenticated, remote attacker to execute malicious code on default or standard Drupal installations under the privileges of the user. Since Drupalgeddon2 had much potential to derive attention of motivated attacke