• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Drupal RCE Exploit Has Been Released for the “Drupalgeddon2” Vulnerability

Zaid Rasheed by Zaid Rasheed
April 19, 2018
An image of the Drupal that is vulnerable to an RCE Exploit.

An image of the Drupal that is vulnerable to an RCE Exploit.

Share on FacebookShare on Twitter

In just a short span of time, after the working Drupal RCE Exploit is released to the general public, the hackers have begun exploiting the recently revealed vital vulnerability in Drupal. From the past couple of weeks, Drupal’s security crew had noticed extremely critical remote code execution vulnerability, a dubbed “Drupalgeddon2” in the content management system software. This could enable the cyber attackers to take over the vulnerable websites in the virtual space notoriously.

For this vulnerability to be addressed immediately, Drupal had released the updated version of the Drupal CMS without the need to launch any technical particulars, which give more than 1,000,000 websites the opportunity to have enough time to patch the difficulty.

Days earlier, Check Point and Dofinity’s security researchers had published the complete technical details regarding the vulnerability (CVE-2018-7600). With its help, a Russian safety researcher launched a Drupal RCE Exploit or proof-of-concept exploit code for the Drupalgeeddon2 vulnerability on the GitHub website.

A screenshot of the Drupal RCE Exploit Code.
A screenshot of the Drupal RCE Exploit Code.

Hackers had taken advantage from the RCE Exploit of the Drupalgeeddon2, which impacts to complete versions of Drupal (from 6 to 8) to execute malicious codes on common or default Drupal installations.

The vulnerability had taken place due to the inadequate sanitation of the inputs passed through the request in Form API (FAPI) AJAX, according to the confession made by Check Point.

“In return, this had completely allowed the attackers to inject malicious payloads into the structure in internal form, “ said the Check Point’s researcher. “This will cause Drupal to act without the user’s authentication. By exploiting the vulnerability, the attackers were given a chance to carry out efforts to fully take over the websites of any customer under Drupal.”

However, after the Drupal RCE Exploit is launched, which many of the users had confirmed it to works, the researchers from the Imperva, Sucuri and SANS Internet Storm Center had begun seeing the attempts to exploit the Drupalgeddon2. They said this though none of them have yet seen and heard any reports that the cyber attackers are hacking some websites.

The website administrators that are still using and running the vulnerable Drupal RCE Exploit should cover the vulnerability by immediately updating the CMS to a Drupal 7.58 or even higher to Drupal 8.5.1, so they can avoid the possible exploits.

This vulnerability also affects the version Drupal 6 that is no longer having support from the company since 2016. However, a patch for this version had still been created.

Tags: Drupal RCE ExploitDrupalgeddon2
Zaid Rasheed

Zaid Rasheed

A senior technical writer and content creator at The Hack Post. Cyber Security Expert for longer than I can remember and an adamant lover of Social Media. Writing is a passion of mine and The Hack Post lets me express that.

Next Post
An image of Red Bull logo with a Hacked text.

Red Bull Website Hacked by Prosox

Latest Articles

Startup expansion strategy for entering the US market, global business growth concept
Business

Graham R Taylor: How a Startup Knows It Is Ready to Enter the U.S. Market

July 10, 2026
Image 1 of Why Multi-Flavor Disposable Vapes Become Popular Among German and Spanish Vapers
Business

Why Multi-Flavor Disposable Vapes Become Popular Among German and Spanish Vapers

July 7, 2026
Image 1 of How Real-Time Technology Enhances the Online Gaming Experience
Gaming

How Real-Time Technology Enhances the Online Gaming Experience

July 1, 2026
Image 1 of Here are ten ways to improve your personal security in crypto, from the basics everyone should follow to the steps that matter most if you’re a public investor, founder, or executive.
Cyber Security

10 Ways to Improve Your Personal Security in Crypto

June 28, 2026
Image 1 of Best Video Face Swap AI Tools in 2026: 8 Platforms Compared for Realistic Face Swapping
Business

Best Video Face Swap AI Tools in 2026: 8 Platforms Compared for Realistic Face Swapping

June 28, 2026
Insurance risk assessment concept with documents, charts, and coverage policy on a desk
Business

Eric Poe: Understanding Insurance Risk Assessment and Its Role in Fair Coverage

June 26, 2026
Wooden garden fence with lush greenery, showcasing popular garden fencing design and materials
Business

Key Considerations When Building Garden Fencing

June 25, 2026
Image 1 of Growing Smarter & Faster with Outsourced Accounting and HR Services
Business

Growing Smarter & Faster with Outsourced Accounting and HR Services

June 23, 2026
Image 1 of Site: http://thehackpost.com
Business

How Does Sustainability Management Improve Business Performance and Profitability?

June 22, 2026
Modern air conditioner and ceiling fan in a bright living room for effective summer cooling solutions
Featured

Cooling Solutions for a Refreshing Summer

June 21, 2026
TradeQuo platform interface showcasing crypto trading features and broker award recognition
Business

TradeQuo: What a Fast-Growing Crypto Broker Award Tells Traders About the Platform

June 17, 2026
Conceptual graphic illustrating data breach monitoring and exposure intelligence solutions for businesses
Cyber Security

HIBP Alternatives for Businesses: Moving From Breach Lookup to Exposure Intelligence

June 16, 2026
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019