Critical Drupal Flaw Leaves Millions of Sites Vulnerable
Last week, Drupal issued a warning to site admins running versions 6, 7, and 8, advising them to apply the latest patches to address a vulnerability that could leave their sites completely compromised.
Drupal is advising admins to update to Drupal 7.58 or 8.5.1. According to Drupal's developers, millions of sites are still running vulnerable versions, but there have been no reports of attacks so far.
The vulnerability, named Drupalgeddon2, has received a ‘highly critical’ rating, with a risk score of 21 out of 25 under the NIST Common Misuse Scoring System. Drupal says that any visitor can gain access to private data on a vulnerable site by exploiting the flaw.