SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT

Drupalgeddon 2 Vulnerability (Apr 20, 2018)


Drupal is an open source content management software. It is distributed under the terms of GNU General Public License (GPL).

A remote code execution vulnerability (AKA "Drupalgeddon 2" or CVE-2018-7600) was discovered in Drupal. The vulnerability is due to insufficient input sanitization on user supplied form data. An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target. Successful exploitation would result in arbitrary code execution under the security context of the web server.

Drupal users should upgrade to latest version (7.58 for Drupal 7.x, and 8.5.1 for Drupal 8.5.x) immediately to protect their systems.

SonicWall Capture Labs Threat Research team provides protection against this threat via the following signatures:

  • IPS sid:13293 "Drupal Form API Remote Code Execution 1"
  • IPS sid:13294 "Drupal Form API Remote Code Execution 2"
  • WAF sid:9016 "PHP Injection Attack"

Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
© 2020 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 15.7 | S1MSW01