Drupal developers are urged to patch a bug that allows attackers to take over a site simply by visiting it.
Drupal released a patch for a “highly critical” flaw in versions 6, 7 and 8 of its CMS platform that could allow an attacker to take control of an affected site simply by visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS platforms.
The Drupal developers alert (SA-CORE-2018-002) estimates over one million sites running Drupal are impacted. Affected are Drupal CMS versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1. Also impacted is Drupal 6 and 8.3.x and 8.4.x releases, said Drupal.
For More Details :
https://threatpost.com/drupal-issues-highly-critical-patch-over-1m-sites-vulnerable/130859/
